Purpose
The Director Information Security Operations will serve as the leader of the Information Security Operations team, leveraging existing people, processes and technology to ensure monitoring of, and defence against, cyber threats. This will ensure the protection of the availability, integrity, and confidentiality of information while enabling business growth. This role includes mentoring team members, while defining roadmaps for Information Security Operations.
The primary focus of the role is to maintain a specific set of technologies, designs and standards, acting as a core driver in the implementation of the Global Information Security Strategy.
This role will require liaising with Senior Business and IT key stakeholders, as well as Senior Leaders and other stakeholders such as the Data Protection Officer, Compliance Officer and Legal and Works Council representatives. Furthermore, the position holder might represent adidas on Information Security related programs with external parties such as auditors, but also peers and industry groups.
This position reports directly to the Senior Director Information Security Global Systems.
Key Accountabilities
Information Security
* Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
* Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems.
* Investigates major breaches of security, and recommends appropriate control improvements.
* Contributes to development of information security policy, standards and guidelines.
Information Assurance
* Interprets information assurance and security policies and applies these in order to manage risks.
* Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
* Uses testing to support information assurance.
* Contributes to the development of policies, standards and guidelines.
Technical Specialism
* Maintains an in-depth knowledge of specific technical specialisms, and provides expert advice regarding their application.
* Can supervise specialist technical consultancy. The specialism can be any aspect of information or communication technology, technique, method and product or application area.
Emerging technology monitoring
* Monitors the market to gain knowledge and understanding of currently emerging technologies.
* Identifies new and emerging hardware and software technologies and products based on own area of expertise, assesses their relevance and potential value to the organization, and contributes to briefings of staff and management.
Requirements definition and management
* Facilitates scoping and business priority setting for large or complex changes, engaging senior stakeholders as required.
* Selects the most appropriate means of representing business requirements in the context of a specific change initiative.
* Drives the requirements elicitation process where necessary, identifying what stakeholder input is required.
* Obtains formal agreement from a large and diverse range of potentially senior stakeholders and recipients to the scope and requirements, plus the establishment of a base-line on which delivery of a solution can commence.
* Takes responsibility for the investigation and application of changes to program scope.
* Identifies the impact on business requirements of external impacts affecting a program or project.
Security Administration
* Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security.
* Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.
* Ensures that security records are accurate and complete and that requests for support are dealt with according to set standards and procedures.
* Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.
Penetration Testing
* Coordinates and manages planning of penetration tests, within a defined area of business activity.
* Delivers objective insights into the existence of vulnerabilities, the effectiveness of defenses and mitigating controls - both those already in place and those planned for future implementation.
* Takes responsibility for integrity of testing activities and coordinates the execution of these activities.
* Provides authoritative advice and guidance on the planning and execution of vulnerability tests.
* Defines and communicates the test strategy.
* Manages all test processes, and contributes to corporate security testing standards.
Service Level Management
* Ensures that service delivery meets agreed service levels.
* Creates and maintains a catalogue of available services.
* In consultation with the customer, negotiates service level requirements and agrees service levels.
* Diagnoses service delivery problems and initiates actions to maintain or improve levels of service.
* Establishes and maintains operational methods, procedures and facilities in assigned area of responsibility and reviews them regularly for effectiveness and efficiency.
Relationship management
* Identifies the communications needs of each stakeholder group in conjunction with business owners and subject matter experts.
* Translates communications / stakeholder engagement strategies into specific tasks.
* Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.
* Negotiates with stakeholders at senior levels, ensuring that organizational policy and strategies are adhered to.
* Provides informed feedback to assess and promote understanding.
People Management
* Build the appropriate structure to be able to manage the respective organization effectively, identify and develop the future talents and create realistic succession scenarios for key positions.
* Ensure appropriate leadership skills are present at every level by creating a motivational and supportive work environment in which employees are coached, trained and provided with career opportunities through development.
* Allocate the different projects/programs and work streams to the respective teams and employees considering experience, project complexity, workload and organizational efficiency.
* Continuously monitor and evaluate team workload and organizational efficiency with the support of IT systems, data and analysis and team feedback and make appropriate changes in order to meet business needs.
* Provide team members/direct reports with clear direction and targets that are aligned with business needs and GIT objectives.
Knowledge, Skills and Capabilities
* Excellence in conducting interviews and delivering information security assessments of the current infrastructure, projects, new technologies, external service providers and information security related changes.
* A solid understanding of ISO2700X, PCI-DSS, ITIL is a must.
* Conceptually aware of current threats and trends, emerging information security solutions / vendor products, strong analytical skills, ability to create new business models.
* Ability to provide a clear framework for performance to higher levels of management or to project teams.
* Knowledge of Information Security monitoring.
* Strong IT Risk management background.
* Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
* Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
* Ability to be self-directed, must be able to deliver well under pressure.
* Strong leadership skills, ability to motivate teams.
* Ability to build architecture vision, business cases & scenarios.
* Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
* Strong experience in leading several projects simultaneously, ability to deliver projects on-time, on-budget.
* Excellent stakeholder management as well as the ability to negotiate and influence at all levels.
* Excellent communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.
* Ability to travel, domestic or international, as required.
Qualifications
1. Bachelor’s degree in information technology or management, or equivalent combination of education and experience.
2. 8+ years of progressive work experience in Information Security.
3. 4-5 years of experience in managing a team.
4. CISSP, CISM or similar certification desired.