Senior Cyber Security Analyst
国家/地区 : 中国
省份 : 上海
城市 : Shanghai
类别 : 物流
合同类别 : 正式员工
工作性质 : 全职
NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it's about each person bringing skills and passion to a challenging and constantly evolving game.
SECTION 1: WHO ARE WE LOOKING FOR
We're looking for a Senior Cyber Security Analyst. This role must be passionate about GRC. You will work with the business and information technology functions in Nike Geographies to enable Nike's cyber security program, ensure Nike maintaining a security posture commensurate with the risk tolerance while meeting business objectives, and regulatory requirements.
The candidate needs to have strong communication skills, be able to clearly and effectively articulate risks and security recommendations, prioritize and develop appropriate risk and control messages per different audiences. The candidate also needs to have excellent analytical and problem-solving skills, and a strong business acumen to quickly learn new business processes and understand how to provide risk-commercial balanced security advices, help business making risk informed decisions and help Nike stay compliant with relevant laws and regulations.
They should be comfortable working with ambiguity, and able to interface with other internal or external organizations regarding security policy and standards violations, security controls failure, and provide sound risk control recommendations.
SECTION 2: WHAT WILL YOU WORK ON
If this is you, you'll be working with Corporate Information Security team and perform these key tasks:
- Perform and help to lead risk assessments in accordance with the company assessment methodology, and Nike security policies and standards. Perform detailed analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, identity and access management, security operations and software development security. This also includes reviewing key systems and complex IT infrastructures (e.g. cloud services).
- Champion information security policies, standards, controls, and processes so that compliance requirements are addressed as part of "business as usual" operations. Help lead control design and control operations related in support of compliance requirements. Provide expert level remediation recommendations and/or recommend alternate solutions to resolve gaps against Policy & Standards.
- Leverage knowledge of best practices and industry standards to support of applicable regulatory, policy, standards and legal requirements. Drive and help to lead internal and external compliance requirements and programs, be able to interpret technology (regulatory) requirements e.g. Cyber Security Law requirements, MLPS (Multi-Level Protection Scheme), SOX control requirements, develop and/or follow appropriate processes to keep the organization in compliance and reduce legal liabilities.
- Coordinate various of global and geo Cyber Security functions, such as penetration testing, application security, cyber security engineering, and serve as the liaison of Global and Geo Cyber Security teams for Nike Information Security programs and solutions, and ensure appropriate design and implementation of Cyber security programs, solutions, processes and tools.
- Promote and monitor our corporate security awareness program. Collaborate effectively with NIKE leaders, managers, employees, and partners to provide deliberate and thoughtful engagement throughout Nike.
- Effective, positive verbal and written communication skills and experienced creating and developing high-quality risk assessment reports and other PowerPoint presentations.
SECTION 3: WHO WILL YOU WORK WITH
- Reports directly to the regional Corporate Information Security (CIS) leadership
- Collaborates with regional and global GRC and other CIS functions
- Works with Nike business owners, technology teams, various governance and Legal and Privacy functions
- Bachelor's Degree and a minimum of 5 years relevant IT experience, experiences in cyber security risk assessment and risk management or documenting and implementing security policies, standards, and/or controls
- CISSP, CRISC, CISM, CISA, GIAC, CCSP or CCSK or other relevant Information Security certifications beneficial
- Knowledge of information security principles, frameworks, and best practices (e.g., PCI DSS, COBIT, COSO, NIST and ISO 27000).
- Solid understanding of network security, OSI model, and information security architecture, previous work as a security engineer is a plus
- Strong knowledge of incident response and crisis management with the ability to identify both tactical and strategic solutions using strong verbal and written communication skills
- Strong working and technical knowledge of identity and access management and data loss prevention security domains
- Understanding of network, desktop and server technologies, including experience with network intrusion methods, network containment, segregation techniques and technologies such as Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS)
- IT Audit, internal Audit and/or risk advisory experience is a plus
- Excellent collaboration skills - must be eager to work as part of a cohesive team and work as a partner to other teams within Nike, Inc., locally and globally
- Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully and manage and resolve conflict
- Proven presentation and facilitation skills
- Must excel working in team-oriented roles that rely on ability to collaborate with others
- Experience working successfully in a highly matrixed work environment
- Passion for the Nike brand and for an innovative, Just Do It work environment
NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world. NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.