Nike GRC AHQ Analyst in Shanghai, China

Become a Part of the NIKE, Inc. Team

NIKE, Inc. does more than outfit the world's best athletes. It is a place to explore potential, obliterate boundaries and push out the edges of what can be. The company looks for people who can grow, think, dream and create. Its culture thrives by embracing diversity and rewarding imagination. The brand seeks achievers, leaders and visionaries. At Nike, it’s about each person bringing skills and passion to a challenging and constantly evolving game.



As an Information Security Risk Analyst, your role on the GRC (Governance, Risk and Compliance) team will include leveraging your knowledge of security policies, standards, controls and industry best practices to perform risk assessments of Nike systems and systems managed for Nike by vendors. You will be responsible for identifying and profiling Nike systems and processes that require risk assessments, scoping specific risk assessments, identifying information security risks through analysis of threats and vulnerabilities, and reporting on those risks to Nike business and technology owners. You will be responsible for building a strong partnership with Nike business owners, Corporate Information Security (CIS), and various governance and legal functions (e.g. Audit or Privacy). Last, but not least, you will be an integral part of strategy and roadmap conversations for GRC at Nike. Your responsibilities will also include:

  • Perform detailed analysis of threats and vulnerabilities in all areas of information security including network security, asset security, security engineering, identity and access management, security operations and software development security. This also includes reviewing key system configurations and complex IT infrastructures (e.g. cloud services).

  • Rate likelihood and impact of risks based on established qualitative and quantitative factors.

  • Report on identified risks effectively based on the audience of the report (Nike executive management).

  • Researching emerging information security risks (either from internal or external sources of knowledge) to help update our risk libraries.

  • Be a subject matter resource for pragmatic, risk oriented solutions to protecting Nike data from threats and vulnerabilities.

  • Interview Nike employees to understand data flows and Nike IT infrastructure components.

  • Keep up to date with latest data security regulations (e.g. GDPR)

  • Bachelor’s Degree in relevant field and minimum of 7 years relevant IT experience

  • At least five years of performing information security risk assessments or assessments that would identify security risks (e.g. iT audits)

  • At least one year of experience performing any function in information security Governance, Risk and Compliance (GRC)

  • Strong working and technical knowledge of identity and access management, configuration management, vulnerability management, end-point protection, and operational security management

  • Experience with risk assessing and understanding cloud security models

  • CISA, CRISC, CISSP, or CISM certifications beneficial

  • SAP security experience beneficia

NIKE, Inc. is a growth company that looks for team members to grow with it. Nike offers a generous total rewards package, casual work environment, a diverse and inclusive culture, and an electric atmosphere for professional development. No matter the location, or the role, every Nike employee shares one galvanizing mission: To bring inspiration and innovation to every athlete* in the world.

NIKE, Inc. is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.

Job ID: 9370

Location: China-Shanghai Municipality-Shanghai

Job Category: IT