ABOUT THE ROLE
We’re looking for a GRC Analyst to join Nike’s Corporate Information Security Governance, Risk, and Compliance (GRC) team, which is responsible for enterprise wide GRC ensuring Nike leadership has the information needed to make strategic risk-based decisions and maintain compliance with international regulations while enabling the achievement of Nike business objectives globally. This role will meet with business and technology teams across Nike and consult with them on their security and compliance requirements. We want an individual who is passionate about GRC, someone with a good working knowledge of industry best practice frameworks, such as ISO, NIST and CoBIT.
WHAT WILL YOU WORK ON
• If this is you, you’ll be working with the GRC team and performing these key tasks:
• Assess moderately complex platforms against Nike security and configuration standards.
• Evaluate and process exceptions to information security policies and standards.
• Participate in complex internal risk assessments, identifying information security risks through analysis of threats and vulnerabilities, and reporting on those risks to Nike business and technology owners.
• Perform risk assessments of critical third-party vendors and ensure the business objectives align with the type and volume of data used in maintaining a "need to know/use" mindset.
• Utilize your thorough understanding of ITGC’s to consult with Technology units on compliance matters.
• Champion information security policies, standards, controls, and processes so that compliance requirements are addressed as part of "business as usual" operations.
• Lead Nike business units in control design and control operations related in support of compliance requirements.
• Perform Compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems.
• Provide analysis and insights into data supporting the effectiveness of technical and process-based cyber security controls and establish automated data pipelines that feed data visualization tools, such as Tableau.
• Collaborate effectively with NIKE leaders, managers, employees, and partners to provide deliberate and thoughtful engagement throughout NIKE.
• Help drive execution of the Information Security training programs. Ensure the workforce stays fully informed on information security through formal trainings and oversee the development and delivery of security training and awareness campaigns.
• Effective, positive verbal and written communication skills and experienced creating and developing high-quality PowerPoint presentations.
WHO WILL YOU WORK WITH
You will report into the Governance, Risk and Compliance team based out of World Headquarters, and will work cross-functionally within the Corporate Information Security (CIS) teams and across Nike. You will regularly meet with Nike business and technology teams.