Senior Information Security Analyst, Insider Threat, ITC

WHO YOU’LL WORK WITH            

The Senior Information Security Analyst will engage with business partners and internal security teams. This person will become a subject matter expert in Data Protection capabilities and will work closely with the CIS Governance, Risk & Compliance team, and Geo Cybersecurity teams to ensure customer needs are addressed while ensuring relevant security risks are minimized. 

This role reports into the Insider Threat team within Corporate Information Security Risk & Compliance.

WHO WE ARE LOOKING FOR

We are looking for a Senior Information Security Analyst for the Insider Threat Data Protection team. This person will be responsible for reviewing business processes to identify gaps leading to potential data exposure, integrating existing data protection methods into existing processes, and gathering business requirements for data protection needs that may not be met by existing data protection tools.

• Bachelor's degree in computer science, business, related degree, or equivalent work experience

• 4+ years of information technology experience

• Knowledge of information security standards, principles, and practices.

• Good understanding of modern Data Protection tools, including Data Loss Prevention (DLP), Digital Rights Management (DRM) and SIEM.

• Knowledge of data processing tools, query creation, and report generation.

• The ability to assess risk and translate it to business relevant considerations and facts.

• The ability to learn and apply new concepts quickly.

• Advanced technical acumen.

• Proven analytical and problem-solving ability.

• Superior communication, ability to explain complex concepts in plain language and graphics.

• Excellent organization, and interpersonal skills with the ability to appropriately communicate and translate complex security risks.

• Ability to balance and prioritize work.

• Must be trustworthy in keeping sensitive data confidential.

• The following certifications are strongly preferred but not required:

• Certified Information Systems Security Professional (CISSP)

• Certified Information Security Manager (CISM)

• Certified Information Systems Auditor (CISA)

WHAT YOU’LL WORK ON

In this role the person will need to use extensive knowledge of international data protection standards, data protection tools, industry best practices, professional experience, collaboration skills, and good judgment to assist business partners by deep diving into existing processes to integrate processes with improved security controls. This role will be part of a team that is responsible for developing, implementing, and maintaining security technology footprint which allows Nike to move rapidly and securely into new business enabling technologies. 

The person will be working with the Data Protection team and performing these key tasks:

• Utilize knowledge of best practices, technical capabilities, and business process to make recommendations to internal partner teams.

• Staying current on security technologies, trends, standards, and best practices and apply that knowledge to address identified risk to internal teams.

• Interpreting customer needs and translate those needs into documented action items, improvements, requirements, and/or opportunities for training.

• Performing process reviews and deliver options, recommendations, trainings, and/or create new risks.

• Collaborations with internal security teams to review assessments, new capabilities and/or new technologies.

• Conduct data triage of anomalous events collected by approved User Entity Behavior Analysis (UEBA), Data Loss Prevention (DLP) and other client network and endpoint monitoring tools with the intent to identify opportunities for risk reduction proactively.

• Partnering with Engineering team and/or internal CIS teams to drive the implementation of technical controls to the identified high-risk areas.

• Documentation and updating processes, and standard procedures.

• Lead Engagements with global partner teams.

• Perform Trainings to our partner teams on the products and services related to our program

• Drive Collaboration with new contacts and help generate new business partners.

• Troubleshooting user issues.

• Continually update relevant security skills

• Other duties and responsibilities as assigned.