About the jobBecome a Part of the NIKE, Inc. TeamNIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At NIKE, Inc. it's about each person bringing skills and passion to a challenging and constantly evolving game.NIKE is a technology company. From our flagship website and five-star mobile apps to developing products, managing big data and providing leading edge engineering and systems support, our teams at NIKE Global Technology exist to revolutionize the future at the confluence of tech and sport. We invest and develop advances in technology and employ the most creative people in the world, and then give them the support to constantly innovate, iterate and serve consumers more directly and personally. Our teams are innovative, diverse, multidisciplinary and collaborative, taking technology into the future and bringing the world with it.Who Are We Looking ForWe're looking for an Information Security Analyst to join Nike's Corporate Information Security Governance, Risk, and Compliance (GRC) team, which is responsible for enterprise wide GRC ensuring Nike leadership has the information needed to make strategic risk-based decisions and maintain compliance with international regulations while enabling the achievement of Nike business objectives globally. This role will meet with business and technology teams across Nike and consult with them on their security and compliance requirements. We are looking for an individual who is passionate about GRC, someone with a good working knowledge of industry best practice frameworks, such as ISO, NIST and CoBIT.What Will You Work OnIf this is you, you'll be working with the GRC team and performing these key tasks:Assess moderately complex platforms against Nike security and configuration standardsEvaluate and process exceptions to information security policies and standardsParticipate in complex internal risk assessments, identifying information security risks through analysis of threats and vulnerabilities, and reporting on those risks to Nike business and technology ownersPerform risk assessments of critical third-party vendors and ensure the business objectives align with the type and volume of data used in maintaining a "need to know/use" mindsetUtilize your thorough understanding of ITGC's to consult with Technology units on compliance mattersChampion information security policies, standards, controls, and processes so that compliance requirements are addressed as part of "business as usual" operationsLead Nike business units in control design and control operations related in support of compliance requirementsPerform Compliance control validation testing to determine the operating effectiveness of IT controls for scoped systemsProvide analysis and insights into data supporting the effectiveness of technical and process-based cyber security controls and establish automated data pipelines that feed data visualization tools, such as TableauCollaborate effectively with NIKE leaders, managers, employees, and partners to provide deliberate and thoughtful engagement throughout NIKEHelp drive execution of the Information Security training programs. Ensure the workforce stays fully informed on information security through formal trainings and oversee the development and delivery of security training and awareness campaignsEffective, positive verbal and written communication skills and experienced creating and developing high-quality PowerPoint presentationsWho Will You Work WithYou will report into the Governance, Risk and Compliance - India Technology Center Director , in support of global GRC processes and procedures, and will work cross-functionally within the Corporate Information Security (CIS) teams and across Nike. You will regularly meet with Nike business and technology teams.What You BringKnowledge of information security principles and practices, general procedures and guidelinesA general understanding of technology use, trends and risks as it applies in a business context and environmentExperience reviewing third party SOC reportsExperience/working knowledge with PCI DSS (Former QSA is a benefit).Knowledge of information security principles, frameworks, and best practices (e.g., PCI DSS, COBIT, COSO, NIST and ISO 27000)Excellent collaboration skills - must be eager to work as part of a cohesive team and work as a partner to others within Nike, Inc. both at WHQ and globallyExperience with ServiceNow, Confluence or JIRANIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.BenefitsWhether it's transportation or financial health, we continually invest in our employees to help them achieve greatness - inside and outside of work. All who work here should be able to realize their full potential.
