Head of Information Security and Compliance (m/f)
Req Number: HQ - 10407HA
Country: Germany
Department: Information Technology
State/Province: Germany
Job Type: Not specified
City/Location: Herzogenaurach
Brand: adidas GROUP
Postal/Zip code: -
Relocation Offered: Yes
The adidas Group strives to be the global leader in the sporting goods industry.
Our brands - adidas, Reebok, TaylorMade and Rockport - are built on a passion for sports and a sporting lifestyle.
As part of the adidas-Group, Global IT has about 950 employees worldwide. Global IT is a key enabler for the adidas-Group strategy.
For our Global IT – Competency Center Group Functions & X-Functional we are currently looking for a
Head of Information Security and Compliance (m/f)
Purpose & Overall Relevance for the Organisation
Will serve in a leadership role within adidas, responsible for developing, implementing and operationalizing an information security program and all related program sub-functions in support of adidas's business needs/objectives, in line with the expectations of adidas Information Security Strategy and in conformity with the adidas Data Protection framework. The individual will serve as the senior-most individual within the organization responsible for articulating and leading the adidas IT Policy strategy in line with business needs of the adidas lines of business and brands and regulatory/industry requirements of the organization. The role will also include the provision for sound information security measures, data protection safeguards and technologies to ensure the confidentiality, integrity and accessibility of business information assets.
All adidas Information Security Team members will report to the adidas Head of Information Security, in addition to contractor, consultant and 3rd party resources assisting with any information security and incident management work.
Capable leader, negotiating at the highest levels of an organization in addition to interfacing with external parties regarding information security matters and inquiries.
Key Responsibilities
Strategic and Technical Orientation Job Content
* Leads and delivers enterprise information security programs and projects for complex business processes, application platforms and IT environments. Projects and programs will include various work streams, including Identity and Access Management, Domestic and Global Remediation, Shared Services Assessment Execution, Information Risk and Compliance, Training and Awareness, Policy and Standards, Portfolio and Security Management, Logging and Monitoring, and Asset Management and Identification Data and Infrastructure
* Oversees a team that is responsible for developing and maintaining a comprehensive and adequate information security program including the strategy and sustainability roadmap
* Identifies and manages key security program elements and information security assets, and identifies which ADIDAS departments must be involved in building, managing and maintaining a comprehensive information security program that effectively manages cross-enterprise impacts and efficiencies
* Leads the formal development and maintenance of a comprehensive information security policy, as well as standards including architecture and guidance, in order to ensure alignment of Information Security strategy with business and compliance needs to minimize enterprise risk
* Possesses knowledge in various information security foundational areas, including but not limited to Identity and Access Management, Threat and Vulnerability Management, Information Risk and Governance, IT architecture hardware and software, Monitoring and Incident Response, and Security Strategy and Management
* Oversees the various operational aspects of the information security program before, during and after remediation program execution, that would include threat and vulnerability management, incident response program, and investigation and forensic analysis assistance
* Leads the information security compliance assessments and external third-party security and compliance assessments, and designs the global security policies to ensure information security needs of ADIDAS are communicated and incorporated into global strategies and, where possible, leveraged by other geographies
Scope of Responsibility
* Responsible for program monitoring and executive reporting to ADIDAS of internal and external security trends that may impact the company. Develops and measures against key performance indicators for the ongoing improvement/effectiveness of the CISO function
* Interfacing with key executives within the ADIDAS hierarchy to determine appropriate direction for information security in the context of Adidas business objectives and strategies
* Responsible for ensuring all aspects of ADIDAS information assets are protected to an acceptable level of risk. This involves internal and external systems, including third-party hosted platforms or environments
* Responsible for periodic vulnerability assessments of ADIDAS sensitive business information assets, legacy, new platforms/application environments, significantly revised/enhanced environments, and ensuring that those assessments are performed on a routine basis
* Responsible for ensuring processes exist and are enforced, as well as measured, for the creation, modification, management of access privileges and deletion of user accounts
* Responsible for managing logging, monitoring and incident response activities in the event of a data compromise
* Helps to establish that ADIDAS information assets are subject to a periodic risk assessment along with the development of recommended controls or remediation steps to help facilitate enterprise information risk reduction
* Acts as a champion for the information security awareness and training program and monitoring compliance of ADIDAS employees and relevant third party and third party resources
* Supports enterprise needs for forensic analysis of security incident events and litigation needs where requested by business partners. Maintains and administers forensic and e-Discovery technology environment and drives strategic system/application acquisitions
Key Relationships
* Key executives of adidas Group
* Closely partners and collaborates with other departments and functions, including but not limited to IT, Loss Prevention, Internal Audit, Office of the General Counsel and Business Leaders, to ensure departments and business units consider information security risks in both ongoing and planned operations and risk management activities
Requisite Education and Experience Minimum Qualifications
* Required - Undergraduate Degree (e.g. BA, BS) in Information Systems Management, Computer Science or comparable Degree
* Preferred - Master's Degree in Information Assurance or complementary educational experience
* Certified Information Systems Security Professional 'CISSP'
* Certified Information Security Manager 'CISM'
* Minimum of 15 years of experience in the Information Security field
* Experience with a Global retailer/apparel/footwear company is a positive factor
* Proven experience in developing and implementing new and comprehensive information security programs
* Intimate knowledge of general information security practices and frameworks, including ISO 27001/27002, Center for Information Security 'CIS', National Institute of Standards and Technology 'NIST', Payment Card Industry Data Security Standards 'PCI DSS'
* Working knowledge of US privacy laws (e.g. Federal and State, such as MA 201) and global privacy laws (e.g. EU Data Directive)
* Working knowledge of US and EU security breach notification and consumer data protection laws
* Proven program and change management experience including the ability to work independently across organizations and business functions to integrate and deliver strat