Senior Information Security Analyst
Nike · Beaverton, OR · 1 wk ago
RemoteRemoteInformation TechnologyContract
Responsibilities
- Vendor Information Risk Assessments
- Perform formal risk assessments on partner and vendor connections.
- Evaluate vendor processes at the point of engagement with Nike.
- Ensure sufficient validation of data sharing arrangements and agreements to protect Nike's sensitive information.
- Confirm business objectives align with the type and volume of data used, maintaining a "need to know/use" mindset.
- Review third-party SOC reports and vendor security documentation as part of assessment activities.
- Help establish risk and remediation ownership for identified vendor-related risks and document findings in the Risk Register.
- Security Controls Baseline Assessments
- Assess moderately complex platforms and systems against Nike security and configuration standards.
- Evaluate and process exceptions to information security policies and standards.
- Perform compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems.
- Consult with technology units on IT general controls (ITGCs) and compliance matters.
- Champion information security policies, standards, controls, and processes so compliance requirements are addressed as part of business-as-usual operations.
- Internal Risk Assessments
- Identify, document, and elevate visibility to information risk where business direction creates potential exposure to employee, athlete, and product sensitive data streams.
- Identify and profile Nike systems and processes that require risk assessments; scope specific assessments accordingly.
- Perform detailed analysis of threats and vulnerabilities across information security domains including network security, asset security, security engineering, identity and access management, security operations, and software development security.
- Review key system configurations and complex IT infrastructures (e.g., cloud services).
- Communicate effectively through risk reports, presentations, and stakeholder interactions to drive remediation of identified risks.
- Data Analysis and Other Projects
- Support vendor risk management metrics, reporting, and master data stewardship to improve accuracy, timeliness, and completeness.
- Provide analysis and insights into data supporting the effectiveness of technical and process-based cybersecurity controls.
- Collaborate on process improvements for data retrieval, analysis, and risk assessment intake.
- Contribute to IRM team projects and strategic initiatives as assigned, including documentation in ServiceNow (SNOW) and Box.
- Execute targeted internal and external (vendor) risk assessments in support of IRM strategy, following established team processes and enablers.
- Be proactive in anticipating next steps in the risk assessment process and take action accordingly.
- Collaborate with team members on assessment approach, scoping, documentation, and issue presentation activities.
- Serve as an information security and CIS ambassador to Nike lines of business and management.
- Provide enforcement of security policies, standards, and procedures by working cross-functionally with Compliance and Governance functions.
- Stay current on information security technologies, trends, standards, best practices, and emerging threats and vulnerabilities.
Qualifications
- Bachelor's degree in Business Information Management, Computer Science, or a related field, OR relevant experience in lieu of a degree.
- 5+ years of experience in information security, risk management, GRC, or a related field.
- Knowledge of information security principles and practices, best practice security architectures, general procedures, and guidelines.
- Knowledge of information security frameworks and best practices (e.g., NIST, ISO 27000, COBIT, COSO).
- Experience performing vendor/third-party risk assessments and internal information security risk assessments.
- Experience assessing systems against security standards and performing control validation or baseline assessments.
- Experience reviewing third-party SOC reports preferred.
- A general understanding of technology use, trends, and risks as they apply in a business context and environment.
- Strong analytical and problem-solving skills with experience identifying solutions for complex problems in enterprise environments.
- Superb communication skills (written and verbal) with comfort and experience in presentation delivery and proven persuasion skills.
- The ability to appropriately communicate complex security risks to non-technical staff.
- Experience with ServiceNow, Confluence, or Jira preferred.
- Advanced knowledge of Excel and PowerPoint; experience organizing and analyzing large datasets preferred.
- CISSP, CISM, CRISC, or relevant GIAC Management Focus Area certifications preferred.
- Must be trustworthy in keeping sensitive data confidential.
- Demonstrated desire for continual learning and improvement.