Work options: Remote
Remote, US
Title: Information Risk Management Analyst
Location: Remote, US
Duration: 4 months contract
NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it’s about each person bringing skills and passion to a challenging and constantly evolving game.
We’re looking for a Information Risk Management Analyst. This role on the Information Risk Management team will deliver against an information security/cybersecurity assessment plan that is integrated into a broader risk management program supported by executive management. Our ideal candidate has superb communication skills, as well as analytical and problem-solving skills.
What You Will Work On
This role will be working with the Information Risk Management team and performing these key tasks:
- Identify, document and elevate visibility to information risk, where business direction creates potential for exposure to employee, athlete and product sensitive data streams.
- Perform detailed analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, identity and access management, security operations and software development security. This also includes reviewing key system configurations and complex IT infrastructures (e.g. cloud services).
- Evaluate vendor processes at the point of engagement with NIKE and ensure sufficient validation of data sharing arrangements and agreements protect NIKE’s sensitive information.
- Perform formal risk assessments on partner and vendor connections and ensure the business objectives align with the type and volume of data used in maintaining a “need to know/use” mindset.
- Become an advocate of NIKE Information security procedures, policies, and processes, and standards as a mechanism to enable the business effectively while managing risk appropriately.
- Provide enforcement of security policies, standards and procedures by working cross functionally with Compliance and Governance functions within the Corporate Information Security organization.
- Know the latest information security technologies, trends, standards, and methodologies.
Who You Will Work With
This role reports to the Director of Information Risk Management within Corporate Information Security (CIS). You will need to create strong partnerships with Nike business owners, CIS, and various governance and legal functions (e.g. Audit or Privacy).
What You Bring
- Bachelor's degree in Business Information Management, Computer Science or related field, OR relevant experience in lieu of a degree
- Knowledge of information security principles and practices, best practice security architectures, general procedures and guidelines.
- A general understanding of technology use, trends and risks as it applies in a business context and environment.
- Superb communication skills (written and verbal) with comfort and experience in presentation delivery, and proven persuasion skills
- Experience identifying solutions for complex problems in enterprise environments, and proven analytical and problem solving ability
- The ability to appropriately communicate complex security risks to non-technical staff
- Must be trustworthy in keeping sensitive data confidential
