Information Security Analyst

Rejoignez l'équipe NIKE, Inc. Loin de se contenter d'équiper les plus grands athlètes mondiaux, NIKE, Inc. explore les potentiels, abolit les frontières et repousse les limites du possible. L'entreprise recherche des personnes capables d'évoluer, de réfléchir, de rêver et de créer. L'épanouissement de sa culture repose sur son ouverture à la diversité et sur sa façon d'encourager l'imagination. La marque a besoin de personnes talentueuses, de leaders et de visionnaires. Chez NIKE, Inc., chacun contribue, par ses compétences et sa passion, à jouer un match difficile en constante évolution. NIKE est une entreprise de technologie. De notre site Web phare à nos applications mobiles cinq étoiles en passant par le développement de produits, la gestion des big data, l'ingénierie de pointe et la prise en charge des systèmes, les équipes NIKE Global Technology s'efforcent de révolutionner le futur, à la croisée de la technologie et du sport. Nous investissons dans la technologie et mettons au point des innovations ; nous employons les personnes les plus créatives au monde et leur donnons les clés pour innover, apporter les modifications nécessaires et servir les clients de façon plus directe et personnelle. Nos équipes innovantes, hétérogènes, multidisciplinaires et collaboratives imaginent les technologies de demain et en font profiter le monde entier. WHO ARE WE LOOKING FOR We’re looking for an Information Security Analyst to join Nike’s Corporate Information Security Governance, Risk, and Compliance (GRC) team, which is responsible for enterprise wide GRC ensuring Nike leadership has the information needed to make strategic risk-based decisions and maintain compliance with international regulations while enabling the achievement of Nike business objectives globally. This role will meet with business and technology teams across Nike and consult with them on their security and compliance requirements. We are looking for an individual who is passionate about GRC, someone with a good working knowledge of industry best practice frameworks, such as ISO, NIST and CoBIT. WHAT WILL YOU WORK ON If this is you, you’ll be working with the GRC team and performing these key tasks: Assess moderately complex platforms against Nike security and configuration standards. Evaluate and process exceptions to information security policies and standards. Participate in complex internal risk assessments, identifying information security risks through analysis of threats and vulnerabilities, and reporting on those risks to Nike business and technology owners. Perform risk assessments of critical third-party vendors and ensure the business objectives align with the type and volume of data used in maintaining a “need to know/use” mindset. Utilize your thorough understanding of ITGC’s to consult with Technology units on compliance matters. Champion information security policies, standards, controls, and processes so that compliance requirements are addressed as part of “business as usual” operations. Lead Nike business units in control design and control operations related in support of compliance requirements. Perform Compliance control validation testing to determine the operating effectiveness of IT controls for scoped systems. Provide analysis and insights into data supporting the effectiveness of technical and process-based cyber security controls and establish automated data pipelines that feed data visualization tools, such as Tableau. Collaborate effectively with NIKE leaders, managers, employees, and partners to provide deliberate and thoughtful engagement throughout NIKE. Help drive execution of the Information Security training programs. Ensure the workforce stays fully informed on information security through formal trainings and oversee the development and delivery of security training and awareness campaigns. Effective, positive verbal and written communication skills and experienced creating and developing high-quality PowerPoint presentations. WHO WILL YOU WORK WITH You will report into the Governance, Risk and Compliance - India Technology Center Director , in support of global GRC processes and procedures, and will work cross-functionally within the Corporate Information Security (CIS) teams and across Nike. You will regularly meet with Nike business and technology teams. WHAT YOU BRING Knowledge of information security principles and practices, general procedures and guidelines. A general understanding of technology use, trends and risks as it applies in a business context and environment. Experience reviewing third party SOC reports. Experience/working knowledge with PCI DSS (Former QSA is a benefit).  Knowledge of information security principles, frameworks, and best practices (e.g., PCI DSS, COBIT, COSO, NIST and ISO 27000). Excellent collaboration skills - must be eager to work as part of a cohesive team and work as a partner to others within Nike, Inc. both at WHQ and globally. Experience with ServiceNow, Confluence or JIRA. NIKE, Inc. est une entreprise en pleine croissance cherchant à intégrer à son équipe des personnes capables de se développer avec elle. Nike offre un généreux programme de rémunération globale, un environnement de travail décontracté, une culture variée et inclusive et une atmosphère dynamique propice au développement professionnel. Quels que soient le site ou le poste, les employés de Nike partagent tous la même mission stimulante : apporter inspiration et innovation aux athlètes* du monde entier. NIKE, Inc. s'engage à embaucher un personnel diversifié. Les candidats qualifiés seront considérés sans tenir compte de leur origine, couleur de peau, religion, sexe, nationalité, âge, orientation sexuelle, identité de genre, expression de genre, statut de vétéran ou handicap.