Sr IT Risk Analyst

About Nintendo of America:From the launch of the Nintendo Entertainment System more than 30 years ago, Nintendo's mission has been to create smiles through unique entertainment experiences. Here at Nintendo of America Inc., we deliver on this mission by partnering closely with Nintendo Co., Ltd., to bring Nintendo's iconic and cherished franchises includingMario, Donkey Kong, The Legend of Zelda, Metroid, Animal Crossing, PikminandSplatoonacross the Americas through our video games, hardware systems, and collaborations with partners on a range of other entertainment initiatives like feature films and theme parks.

Based in Redmond, Washington, Nintendo of America serves as headquarters for Nintendo's operations in the Americas. We are an equal opportunity employer offering a welcoming and inclusive environment in service to one another, our products, and the diverse consumers and communities we call home. For more information about Nintendo, please visit the company's website athttps://www.nintendo.com/.

Job Summary: This role is part of the IT: Information Security department at Nintendo of America (NOA) and assesses and contributes to the enterprise-wide IT Governance Risk and Compliance (GRC) management and information security programs, including facilitation of IT risk identification and future mitigation strategies.

Description of Duties:

• Contributes to the development, implementation, and ongoing maturity of NOA's enterprise Data Security Program, including alignment with policies such as NIST CSF, PCI DSS, and global data protection requirements.
• Partners with crossfunctional teams to identify data security risks and define mitigation strategies, focusing on confidentiality, integrity, and availability of businesscritical information assets.
• Evaluates plans and activities to increase information security and to reduce the level of risk to Nintendo of America (NOA) including compliance of internal information technology policies and external regulations.
• Assesses IT risks including the development, implementation, application and ongoing evaluation of IT risk metrics and methodologies and the monitoring, analysis and reporting of IT risk exposures.
• Develops and consults on the design and execution of Information Security Programs.
• Identifies and assesses threats and influences the business on how to respond to identified risks.
• Consults with IT staff and business departments as subject matter expert to provide accurate and clear insight into IT risk management, including risk assessments, risk mitigation and changes to the risk management eco-system affecting NOA.
• Identifies and assesses information security events, including alerts, incidents, data breaches and emerging risks as requested, and collaborates with wider teams to create response plans.
• Performs risk assessments of new and existing vendors to identify and report on their information security posture and risk to the business, including identification of gaps and recommended remedial actions.
• Supports organizational and vendor information security compliance with internal policies through risk exposure reviews, assessments and reporting.
• Manages IT governance, risk and compliance activities between business and technical groups across the department, company, and globally for Japanese Sarbanes Oxley (JSOX), Payment Card Industry Data Security Standard (PCI DSS), and Global Data Protection Regulations.
• Consults on application and network design to aid in compliance with external regulations and internal policies and objectives.

Summary of Requirements:

• Minimum of seven (7) years of professional experience in Information Security, Risk Management, IT Controls or other related area.
• Experience across a broad range of areas including governance, vendor management, risk assessments, and information security/compliance.
• Working knowledge of IT governance frameworks and standards.
• Experience in risk assessment, information security controls, information security architecture, operational security, information security governance, control review/testing.
• Effective planning, prioritization and organizational skills.
• Proven ability to manage, organize and deliver on multiple projects simultaneously.
• Strong understanding of IT organization, processes, procedures, controls, standards, platforms, technologies and best practices for assigned areas.
• Understanding of current security controls and risks inherent to systems development life cycles, application development, web sites, applications, hardware, software and services, etc. preferred.
• Understanding of video game industry preferred.
• Undergraduate degree in Computer Science, a related field, or equivalent experience.

Applicants must be legally eligible to work in the United States to be considered. Visa sponsorship is not available for this role.

This position is HYBRID in Redmond, WA. Hybrid positions require regular onsite work following the schedule and guidelines for their division.This position is not open to fully remote status at this time.