Senior Cyber Security Analyst

Nike, Inc.

Shanghai, Shanghai, China Mainland


0 year(s)
Full-Time
N/A


Job Description
Become a Part of the NIKE, Inc. Team

NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it’s about each person bringing skills and passion to a challenging and constantly evolving game.

SECTION 1: WHO ARE WE LOOKING FOR

We’re looking for a Senior Cyber Security Analyst. This role must be passionate about GRC. You will work with the business and information technology functions in Nike Geographies to enable Nike’s cyber security program, ensure Nike maintaining a security posture commensurate with the risk tolerance while meeting business objectives, and regulatory requirements.

The candidate needs to have strong communication skills, be able to clearly and effectively articulate risks and security recommendations, prioritize and develop appropriate risk and control messages per different audiences. The candidate also needs to have excellent analytical and problem-solving skills, and a strong business acumen to quickly learn new business processes and understand how to provide risk-commercial balanced security advices, help business making risk informed decisions and help Nike stay compliant with relevant laws and regulations.

They should be comfortable working with ambiguity, and able to interface with other internal or external organizations regarding security policy and standards violations, security controls failure, and provide sound risk control recommendations.

SECTION 2: WHAT WILL YOU WORK ON

If this is you, you’ll be working with Corporate Information Security team and perform these key tasks:

• Perform and help to lead risk assessments in accordance with the company assessment methodology, and Nike security policies and standards. Perform detailed analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, identity and access management, security operations and software development security. This also includes reviewing key systems and complex IT infrastructures (e.g. cloud services).

• Champion information security policies, standards, controls, and processes so that compliance requirements are addressed as part of "business as usual" operations. Help lead control design and control operations related in support of compliance requirements. Provide expert level remediation recommendations and/or recommend alternate solutions to resolve gaps against Policy & Standards.

• Leverage knowledge of best practices and industry standards to support of applicable regulatory, policy, standards and legal requirements. Drive and help to lead internal and external compliance requirements and programs, be able to interpret technology (regulatory) requirements e.g. Cyber Security Law requirements, MLPS (Multi-Level Protection Scheme), SOX control requirements, develop and/or follow appropriate processes to keep the organization in compliance and reduce legal liabilities.

• Coordinate various of global and geo Cyber Security functions, such as penetration testing, application security, cyber security engineering, and serve as the liaison of Global and Geo Cyber Security teams for Nike Information Security programs and solutions, and ensure appropriate design and implementation of Cyber security programs, solutions, processes and tools.

• Promote and monitor our corporate security awareness program. Collaborate effectively with NIKE leaders, managers, employees, and partners to provide deliberate and thoughtful engagement throughout Nike.

• Effective, positive verbal and written communication skills and experienced creating and developing high-quality risk assessment reports and other PowerPoint presentations.

SECTION 3: WHO WILL YOU WORK WITH

• Reports directly to the regional Corporate Information Security (CIS) leadership

• Collaborates with regional and global GRC and other CIS functions

• Works with Nike business owners, technology teams, various governance and Legal and Privacy functions