GRC AHQ Analyst
Shanghai, China, China
As an Information Security Risk Analyst, your role on the GRC (Governance, Risk and Compliance) team will include leveraging your knowledge of security policies, standards, controls and industry best practices to perform risk assessments of Nike systems and systems managed for Nike by vendors. You will be responsible for identifying and profiling Nike systems and processes that require risk assessments, scoping specific risk assessments, identifying information security risks through analysis of threats and vulnerabilities, and reporting on those risks to Nike business and technology owners. You will be responsible for building a strong partnership with Nike business owners, Corporate Information Security (CIS), and various governance and legal functions (e.g. Audit or Privacy). Last, but not least, you will be an integral part of strategy and roadmap conversations for GRC at Nike. Your responsibilities will also include:
- Perform detailed analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, identity and access management, security operations and software development security. This also includes reviewing key system configurations and complex IT infrastructures (e.g. cloud services).
- Rate likelihood and impact of risks based on established qualitative and quantitative factors.
- Report on identified risks effectively based on the audience of the report (Nike executive management).
- Research emerging information security risks (either from internal or external sources of knowledge) to help update our risk libraries.
- Be a subject matter resource for pragmatic, risk-oriented solutions to protecting Nike data from threats and vulnerabilities.
- Interview Nike employees to understand data flows and Nike IT infrastructure components.
- Keep up to date with the latest data security regulations (e.g. GDPR).
- Bachelor’s Degree in relevant field and minimum of 7 years relevant IT experience
- At least five years of performing information security risk assessments or assessments that would identify security risks (e.g. IT audits)
- At least one year of experience performing any function in information security Governance, Risk and Compliance (GRC)
- Strong working and technical knowledge of identity and access management, configuration management, vulnerability management, end-point protection, and operational security management
- Experience with risk assessing and understanding cloud security models
- CISA, CRISC, CISSP, or CISM certifications beneficial
- SAP security experience beneficial