Sr IT Risk Analyst

About The Position

Requirements

• Minimum of seven (7) years of professional experience in Information Security, Risk Management, IT Controls or other related area.
• Experience across a broad range of areas including governance, vendor management, risk assessments, and information security/compliance.
• Working knowledge of IT governance frameworks and standards.
• Experience in risk assessment, information security controls, information security architecture, operational security, information security governance, control review/testing.
• Effective planning, prioritization and organizational skills.
• Proven ability to manage, organize and deliver on multiple projects simultaneously.
• Strong understanding of IT organization, processes, procedures, controls, standards, platforms, technologies and best practices for assigned areas.
• Undergraduate degree in Computer Science, a related field, or equivalent experience.
• Applicants must be legally eligible to work in the United States to be considered. Visa sponsorship is not available for this role.
• This position is HYBRID in Redmond, WA. Hybrid positions require regular onsite work following the schedule and guidelines for their division. This position is not open to fully remote status at this time.

Nice To Haves

• Understanding of current security controls and risks inherent to systems development life cycles, application development, web sites, applications, hardware, software and services, etc. preferred.
• Understanding of video game industry preferred.

Responsibilities

• Contributes to the development, implementation, and ongoing maturity of NOA’s enterprise Data Security Program, including alignment with policies such as NIST CSF, PCI DSS, and global data protection requirements.
• Partners with cross‑functional teams to identify data security risks and define mitigation strategies, focusing on confidentiality, integrity, and availability of business‑critical information assets.
• Evaluates plans and activities to increase information security and to reduce the level of risk to Nintendo of America (NOA) including compliance of internal information technology policies and external regulations.
• Assesses IT risks including the development, implementation, application and ongoing evaluation of IT risk metrics and methodologies and the monitoring, analysis and reporting of IT risk exposures.
• Develops and consults on the design and execution of Information Security Programs.
• Identifies and assesses threats and influences the business on how to respond to identified risks.
• Consults with IT staff and business departments as subject matter expert to provide accurate and clear insight into IT risk management, including risk assessments, risk mitigation and changes to the risk management eco-system affecting NOA.
• Identifies and assesses information security events, including alerts, incidents, data breaches and emerging risks as requested, and collaborates with wider teams to create response plans.
• Performs risk assessments of new and existing vendors to identify and report on their information security posture and risk to the business, including identification of gaps and recommended remedial actions.
• Supports organizational and vendor information security compliance with internal policies through risk exposure reviews, assessments and reporting.
• Manages IT governance, risk and compliance activities between business and technical groups across the department, company, and globally for Japanese Sarbanes Oxley (JSOX), Payment Card Industry Data Security Standard (PCI DSS), and Global Data Protection Regulations.
• Consults on application and network design to aid in compliance with external regulations and internal policies and objectives.

Benefits

• medical
• dental
• vision
• 401(k)
• paid time off
• potential for a semi-annual discretionary performance bonus