Lead IT Auditor, Global Audit and Risk Management

Posted:
10/29/2024, 5:00:00 PM

Location(s):
Oregon, United States ⋅ Beaverton, Oregon, United States

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

Who we are looking for:

Our Global Audit and Risk Management (GA&RM) team partners with management across the enterprise to improve and protect Nike’s value and brand through world-class risk management capabilities, including enterprise risk, internal audit, and advisory services. As a Lead IT Auditor on our team, we are looking for a collaborative project leader with a wide variety of experience in project management across audit and advisory services to bring valuable insights to help management effectively handle risk while leveraging technology for a strategic advantage. A successful candidate will thrive working in an environment where the pace of change is high and integrative thinking is required to “connect the dots” across the company. A love of collaboration, innovation and continuous learning will help you creatively solve problems and challenge the status quo.

What will you work on:

Your work will be highly visible to NIKE, Inc. executive management and the Audit and Finance Committee of the Board of Directors. Primary responsibilities for this role include but not limited to:

  • NIKE’s technology landscape is constantly evolving, but some technical audit areas of focus may include, cloud platforms, DevOps CI/CD processes, technical operations, site reliability engineering, digital experience development, product management, technology governance, portfolio management, data governance, data privacy, cybersecurity, enterprise system implementation reviews (e.g. SAP), enterprise architecture, business continuity management/disaster recovery, and assessing technology risk in other emerging applications/subject areas such as AI/ML, blockchain, and RPA.

  • Strategic thinking, understanding business priorities and key objectives to plan, develop, manage and execute high impact audit and advisory work plans

  • Ensure quality and timely project execution through project lifecycle including planning, fieldwork, and reporting

  • Perform end-to-end risk assessments to understand process and controls, develop project scope, objectives, and approach

  • Identify key risks and opportunities followed by root cause analysis to develop proposed recommendations and align with business partners on action plans

  • Develop high-quality executive-level reports and presentations

  • Communicate sophisticated ideas or controversial / difficult information in a manner that influences others to adopt a different point of view

  • Provide coaching and mentorship to team members to ensure work and documentation comply with audit standards and drive their professional growth

  • Champion continuous improvement within GA&RM processes and deliverables

  • Coordinate and lead work across multiple projects

Who you’ll be working with:

You’ll report directly to the Global IT Audit & Risk Management Director within the Global Audit & Risk Management team.

You’ll be part of a group of Lead auditors who operate as project leads, coaches, and partners with the broader GA&RM leadership team to sustain a strong and collaborative team culture. Regular partnership with leaders across Nike’s enterprise is a key responsibility of the Lead Auditor to drive proactive risk consultation, relationship management and project delivery of audit, advisory and strategic risk services.

What you bring:

  • Bachelor's degree with an emphasis in Information Systems, Computer Science, Electrical Engineering, Business Administration, or related field Bachelor's degree

  • 5+ years professional, relevant work experience in technology, audit and risk services including internal or external audit, risk advisory services or enterprise risk management or comparable combination of skills and experiences

  • Experience auditing general computing controls (ITGCs), including security/access, change control, systems development and technology operations, experience with SAP S4/HANA strongly preferred.

  • Experience with business process mapping, risk and controls identification, design, and implementation

  • Knowledge of operating system platforms, relational database platforms, cloud computing platforms, enterprise network and systems architecture concepts and technologies, and risk considerations for internet-facing digital experience and commerce applications.

  • Proven understanding of managed service risk and control concepts for cloud-based services (IaaS, PaaS, SaaS), hosted infrastructure, and outsourcing services.

  • Working knowledge of various system and application development methodologies (Agile, Waterfall); familiar with DevOps and continuous integration and continuous delivery approaches.

  • Solid understanding of information technology standard methodologies and control frameworks such as NIST CSF, ISO27001, and COBIT.

  • Possess advanced knowledge and application of audit and risk craft

  • Excellent executive verbal and written communication skills

  • Outstanding interpersonal and communication skills; ability to communicate effectively with technical and non-technical audiences both in written and verbal communications.

  • Proven ability to identify and assess business risks and controls, perform root cause analysis and work with business partners to develop practical recommendations

  • Demonstrated project management experience including project team leadership

  • Ability to travel up to 20% (domestic and international)

Preferred

  • Professional risk certifications including CIA, CISA, CISSP, CISM, and/or CSX

  • Subject matter expertise in any of the following: Technology Operations, CyberSecurity, Privacy, data Governance

  • Strong understanding of dynamic risk assessment inclusive of risk sensing and monitoring concepts

  • Demonstrated data analytics capabilities in service of risk assessments and projects across the suite of risk services

  • General understanding/knowledge of Nike’s business and operating model

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.