Nike Senior Information Security Governance Analyst in Beaverton, Oregon

Become a Part of the NIKE, Inc. Team

NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it’s about each person bringing skills and passion to a challenging and constantly evolving game.

Nike Technology designs, creates and implements the methods and tools needed to make the world’s largest sports brand run faster, smarter and more securely. Global Technology teams aggressively innovate the solutions needed to help employees navigate Nike's rapidly evolving landscape. From infrastructure to security and supply chain operations, Technology specialists drive growth through top-flight hardware, software and enterprise applications. Simply put, without Nike Technology, there are no Nike products.

Description

Nike Technology brings together technology and process expertise to create value for the consumer. We deliver one-stop, integrated process and technology capabilities that enable Nike, Inc.'s businesses and brands worldwide. Our focus is on providing Lean solutions that eliminate waste, maximize consumer value, and drive profitable business growth.

As an Information Security Governance Expert, your role on the GRC (Governance, Risk and Compliance) team will include leveraging your knowledge of security policies, standards, controls, and industry best practices while partnering with key stakeholders across NIKE Inc. You will be involved playing a critical role in ensuring that GRC functions are incorporated into key security services and helping to ensure our security practices align to industry best practices.

Your role-specific responsibilities will also include:

  • Authoring and maintaining Nike’s body of information security policies, standards, and guidance and executing periodic reviews with key stakeholders

  • Enhancing Nike’s information security awareness and training programs to span a global scale

  • Partnering with other security stakeholders to enhance key processes and assist with process improvements

  • Acting as a key go-to contact on behalf of information security Governance, Risk, and Compliance

  • Acting as a key consultant with stakeholders in ensuring appropriate security measures are implemented in a rapidly-changing technical landscape

  • Acting as a SME on IT General Controls (ITGC) and providing guidance to key stakeholders regarding control expectations and implementation

  • Acting as a SME on international regulations, including EU General Data Protection Regulation (GDPR)

  • Collaborating with other GRC professionals in development of creative ways to partner and education key lines of business regarding Nike security practices

Additional requirements of this role include:

  • Working closely with legal, audit and other technology groups at Nike.

  • Identifying gaps in information security control and provide solutions for areas in need.

  • Providing guidance and direction to architects and engineers tasked with executing controls.

  • Developing, communicating, and evolving policies, standards, and guidance to meet the needs of the business.

  • Interacting with all levels of management in a professional and polished manner.

  • Diplomatically influence teams to implement information security controls, showing the value it will be bring and tactfully help adjust existing operations to align with the framework.

  • Possess the ability to take ambiguous high level language and translate it into real world operations.

  • Ability to socialize and influence others to buy into a process oriented approach to their work.

  • Ability to gain a deep level of technical and process knowledge across multiple security domains in a short amount of time.

  • Stay current on information security technologies, trends, standards and best practices.

  • Ability to obtain a deep level of technical and process knowledge across multiple security domains in a short amount of time.

Qualifications

To make it clear, we're not looking for just anyone. We're looking for someone special, someone who had these experiences and clearly demonstrated these skills:

  • Bachelor’s Degree in relevant field and minimum of 5 years relevant experience

  • CISA, CRISC certifications desired

  • Advanced knowledge of COSO/COBIT, internal controls design, testing, and reporting

  • Familiarity with security frameworks including ISO27001/27002, PCI-DSS, CSA-CCM, NIST Cybersecurity Framework, CIS Critical Security Controls, etc.

  • IT Audit, internal Audit and/or risk advisory experience, especially at the Big 4, is a plus.

  • At least three years of ownership of security policies, standards, and/or controls

  • Ability to work and excel in an ambiguous environment is a must.

  • Strong ability to translate strategic vision and objectives into real world operations

  • Proven ability to think logically and strategically about technical solutions that are efficient, scalable, and re-usable.

  • Excellent analytical and problem solving skills.

  • Proven ability to identify and develop clear and understandable performance measures from high-level business objectives.

  • Strong business acumen to quickly learn new business processes and understand how application performance requirements support the business in achieving revenue and profit goals.

  • Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Nike, Inc. both at WHQ and globally.

  • Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict.

  • Proven presentation and facilitation skills.

  • Demonstrated expertise of building a consensus across business partners and technology leaders, and influencing successful outcomes.

  • Must excel working in team-oriented roles that rely on ability to collaborate with others.

  • Experience working successfully in a highly matrixed work environment.

  • Passion for the Nike brand and for an innovative, Just Do It work environment.

Qualifications To make it clear, we're not looking for just anyone. We're looking for someone special, someone who had these experiences and clearly demonstrated these skills:

  • Bachelor’s Degree in relevant field and minimum of 5 years relevant experience

  • CISA, CRISC certifications desired

  • Advanced knowledge of COSO/COBIT, internal controls design, testing, and reporting

  • Familiarity with security frameworks including ISO27001/27002, PCI-DSS, CSA-CCM, NIST Cybersecurity Framework, CIS Critical Security Controls, etc.

  • IT Audit, internal Audit and/or risk advisory experience, especially at the Big 4, is a plus.

  • At least three years of ownership of security policies, standards, and/or controls

  • Ability to work and excel in an ambiguous environment is a must.

  • Strong ability to translate strategic vision and objectives into real world operations

  • Proven ability to think logically and strategically about technical solutions that are efficient, scalable, and re-usable.

  • Excellent analytical and problem solving skills.

  • Proven ability to identify and develop clear and understandable performance measures from high-level business objectives.

  • Strong business acumen to quickly learn new business processes and understand how application performance requirements support the business in achieving revenue and profit goals.

  • Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within Nike, Inc. both at WHQ and globally.

  • Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict.

  • Proven presentation and facilitation skills.

  • Demonstrated expertise of building a consensus across business partners and technology leaders, and influencing successful outcomes.

  • Must excel working in team-oriented roles that rely on ability to collaborate with others.

  • Experience working successfully in a highly matrixed work environment.

  • Passion for the Nike brand and for an innovative, Just Do It work environment.

NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.

NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.

Job ID: 00383335

Location: United States-Oregon-Beaverton

Job Category: Technology