Purpose
* Lead, manage, and deliver the Information Security Systems and Computer Security Incident Response (CSIRT) Program, ERP Security, Identity and Access Management and Information Security Operations (ISOC) services globally for the adidas group, across brands and respective functions within Information Security and Data Protection. This includes strategic investment, resource/product planning, defining and governing an effective approach on an enterprise-level for the program portfolio and governance function globally.
* Serve as a leader within adidas to provide vision, strategy and broad-based planning. The broad scope and complexity of this position requires a leadership approach which is engaging, creative and collaborative. Possesses ability to work with other senior leaders to set the best balance between security strategies and other priorities at the enterprise level.
* Responsible for development and delivery of a comprehensive Global Information Security Strategy in order to optimize the Security posture of the adidas Group.
* Influences improvement in order to deliver enterprise security in support of key business processes. This role will require liaising with Senior IT and Business key stakeholders, as well as Senior Leaders and other Group players such as Data Protection Officer, Compliance Officer, Legal and Workers Council representatives. Furthermore, the position holder represents the adidas Group in all IT Security related aspects in dealings with external parties such as auditors, as well as with peers and industry groups.
* adidas Information Security Strategy, CSIRT, ERP Security, Identity and Access Management and Security Operation Center team members, along with contractors, consultants and 3rd party resources, will all report to the Senior Director Information Security Global Systems.
Key Accountabilities
Strategic and Technical Orientation / Job Content
* Accountable for delivery of enterprise Information Security programs and projects for complex business processes, application platforms and IT environments. Projects and programs will consist of various work streams including Information Security Strategy, Security Operation Center, IT Infrastructure Security, CSIRT, Identity and Access Management, ERP Security, Logging and Monitoring, Threat Intelligence and Vulnerability Management across the adidas Group globally.
* Oversees a team that is responsible for developing and maintaining a comprehensive and adequate information security program including the strategy and sustainability roadmap. Also responsible for capturing, prioritizing and structuring the business demands and requirements.
* Directly accountable for the teams that are responsible for key deliverables in the area of IT Security such as projects, security consulting and design, identity and access management, security operations team supporting business 24/7, Threat Intelligence, all aspects of Computer Security Incident Response and Information Security Awareness Programs.
* Acts as the final point of escalation for all IT Security related control systems including but not limited to Firewall, IPS, DLP, Content Filtering, Remote Access, SIEM, AntiAPT, Mobile security. Also works with key stakeholders on improving existing processes in order to support business by increasing efficiency while maintaining quality and acceptable risk levels.
* Oversees and acts as the last point of escalation for any computer security incidents, and defines the program to proactively (e.g. via Threat Intelligence) as well as reactively (e.g. via security operations as well as incident response teams) prevent damage to the digital assets of the adidas Group.
* Accountable for creation and execution of sound Information Security Awareness Program with direct management of teams responsible for delivery to minimize enterprise risk by ensuring compliance to Information Security policies.
* Possesses expert knowledge in various information security essential areas including but not limited to Security Strategy and Management, Computer Security Incident Response, Identity and Access Management, ERP Security, IT architecture (hardware and software), Threat and Vulnerability Management.
Scope of Responsibility
* Defines strategic targets and direction for Global IT Security in close alignment with senior business partners and GIT Senior Management.
* Responsible for IT Security program monitoring of internal and external security trends that may impact the company.
* Interfacing regularly with key executives within the adidas hierarchy to determine appropriate direction for IT security in the context of adidas business objectives and strategies.
* Responsible for Global IT Security operations and monitoring, making sure the adidas Group change management process is followed and in line with business objectives and needs. Defining SLAs and KPIs/KRIs and providing regular reporting to senior management, while constantly improving and optimizing existing and new processes.
* Responsible for ensuring that all aspects of adidas information assets are protected to an acceptable level of risk. This involves internal and external systems including third party hosted platforms and/or environments.
* Responsible for managing logging, monitoring, and incident response activities in the event of a data compromise.
* Responsible for ensuring that processes for the creation, modification and management of access privileges and the deletion of user accounts exist, are enforced and are measured.
* Accountable for promotion of information security awareness and training programs and monitoring compliance of adidas employees and relevant third parties and third party resources.
* Responsible for provision of enterprise forensic analysis to support investigation of security incident events and litigation needs where requested by business partners. Maintains and administers forensic technology environment and drives strategic system/application acquisitions.
People Management
* Build the appropriate structure to be able to manage the respective organization effectively, identify and develop the future talents and create realistic succession scenarios for key positions.
* Ensure appropriate leadership skills are present at every level through creating a motivational and supportive work environment in which employees are coached, trained and provided with career opportunities through development.
* Allocate the different topics and work streams to the respective employees considering experience, complexity, workload and organizational efficiency.
* Continuously monitor and evaluate team workload and organizational efficiency with the support of systems, data and analysis and team feedback and make appropriate changes in order to meet business needs.
* Provide team members/direct reports with clear direction and targets that are aligned with business needs.
Knowledge, Capabilities and Experience
* Proven experience in developing and implementing new and comprehensive information security programs.
* Extensive experience in Security Architecture, Security Operations, Incident Handling and Response and Identity and Access Management.
* Knowledge of general information security practices and frameworks including Center for Information Security ("CIS"), National Institute of Standards and Technology ("NIST"), Payment Card Industry Data Security Standards ("PCI DSS").
* Strategic orientation with ability to act tactically as required.
* Entrepreneurial and Commercial Thinking.
* Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
* Strong stakeholder management as well as the ability to negotiate and influence at all levels.
* Sound understanding of emerging technologies and how these can create new business models.
* Proven program and change management experience including the ability to work independently across organizations and business functions to integrate and deliver strategic direction.
* Ability to be self-directed while working under tight deadlines.
* Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
* Ability to articulate complex technical or security related aspects in a straightforward and simple way.
* Strong communication (both written and verbal) and facilitation skills (small and large groups) especially when interacting with different levels of business.
Qualifications
1. Required - Undergraduate Degree (e.g., BA, BS) in Information Systems Management, computer science, or comparable degree.
2. Preferred - Master's Degree in Information Security or complementary educational experience
3. Certified Information Systems Security Professional ("CISSP")
4. Certified Information Security Manager ("CISM")
5. Minimum of 10 years of experience in the Information Security field
6. Minimum of 8 years of experience in a people management role
7. Experience with a (Global) retailer/apparel footwear company is a positive factor
We're looking forward to receiving your application!