Purpose & Overall Relevance for the Organization:
The Director Information Security Architecture will serve as the senior technical leader of an INFOSEC architecture team leveraging experience with consultative skills to identify and design security patterns that protect the availability, integrity, and confidentiality of information while enabling business growth. The incumbent is responsible for security technology innovation, strategy, pattern creation, testing conceptual designs, and assisting in the development of security services and roadmaps. This role includes mentoring team members.
The primary focus of the role is to maintain a specific set of technologies, designs and standards, acting as the gatekeeper and guiding the design to meet the overall objectives for the security architecture domain.
This role will require liaising with Senior Business and IT key stakeholders, as well as Senior Leaders and other stakeholders such as the Data Protection Officer, Compliance Officer and Legal and Works Council representatives. Furthermore, the position holder can represent adidas on any Information Security related aspect with external parties such as auditors, but also peers and industry groups.
This position reports directly to the Senior Director Information Security Global Systems.
- Defines strategic targets and direction for Global Information Security in close alignment with senior business partners and GIT Senior Management.
- Capture, prioritize and structure the business demands and requirements to create and own a multi-year strategy and roadmap.
- Review, approve and recommend changes to the existing and proposed computing environments, as needed, to address gaps in the existing security posture. Serve as the lead architecture technical liaison between own team and other supporting entities.
- Foster relationships with other teams within the organization to understand business requirements and work with them to accomplish those requirements within the security framework.
- Lead the enterprise level Architecture Principles Design from the information security perspective.
- Lead and manage teams that are involved in delivering key deliverables (projects, security consulting and design - supporting solution partners, audit remediation support, etc.) in the Information Security area.
- Act as the primary point of contact for any internal or external organizations on authorization related topics or requests. Participate in critical interviews and meetings.
- Ensure the delivery of policies, standards, procedures and guidelines required to appropriately document rules and usage of related Information Security controls.
- Enhance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.
- Promote and guide the (re)use of information security building blocks.
- Ensure compliance for Information Security related governance controls. Identifies, evaluates and recommends options, implementing if required.
- Collaborates with, and facilitates stakeholder groups, as part of formal or informal consultancy agreements.
- Maintains an in-depth knowledge of specific technology domains, and provides expert advice regarding the specific information security area.
- Be able to lead a technical consultancy team.
Emerging trends & technology monitoring
- Keep an eye on the emerging threats and vulnerabilities to ensure that the organization’s security posture is kept up to date.
- Ensure that any new and emerging hardware and software technologies and products in the security domain are identified, that their relevance and potential value to the organization are assessed, and that staff and management are briefed.
- Update job knowledge by tracking and understanding emerging security practices and standards; participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations
- Use available resources to gain an up-to-date knowledge of the information security field.
Requirements definition and management
- Select the most appropriate means of representing security requirements in the context of a specific change initiative.
- Drive the requirements elicitation process where necessary, identifying what stakeholder input is required.
- Obtain formal agreement from a large and diverse range of potentially senior stakeholders and recipients to the scope and requirements, plus the establishment of a base-line on which delivery of a solution can commence.
- If necessary, lead any investigation and adjust solution to facilitate any changes to program scope.
- Ensure that security is integrated into solution design.
Financials and Controlling
- Ensure the portfolio of all overseen I-codes is transparent and effectively managed. Take appropriate action should any concerns arise. If required, manage respective budget through tracking and reporting the monthly budget accruals and variances and ensure timely and accurate invoicing.
- Manage the end-to-end financial process by providing accurate and thorough budget planning, target setting and adjustments, if required. Drive cost efficiency.
- Ensure that all financial and controlling commitments and targets are fully achieved through compliance with adidas standards. Work closely with the controlling department.
If required: People Management:
- Build the appropriate structure to be able to effectively manage the respective organization, identify and develop future talents and create realistic succession scenarios for key positions.
- Ensure appropriate leadership skills are present at every level through creating a motivational and supportive work environment in which employees are coached, trained and provided with career opportunities through development.
- Allocate the different work to the respective employees considering experience, complexity, workload and organizational efficiency.
- Continuously monitor and evaluate team workload and organizational efficiency with the support of IT systems, data, analysis and team feedback and make appropriate changes to meet business needs.
- Provide team members/direct reports with clear direction and targets that are aligned with business needs and GIT objectives.
- Identify the communications needs of each stakeholder group in conjunction with business owners and subject matter experts.
- Translate communications / stakeholder engagement strategies into specific tasks.
- Facilitate open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.
- Negotiate with stakeholders at senior levels, ensuring that organizational policy and strategies are adhered to.
- Provide informed feedback to assess and promote understanding.
- IT Senior Management Team (SVP/VP)
- Domain and Solution Architects
- Enterprise Architects
- (Senior) Directors of respective IT departments
- SVP / VP / (Senior) Directors of respective line of business
- Business and IT program and project managers
- (Senior) Directors of Application Engineering & Support teams (development, testing, support, integration)
- Legal & Compliance
Knowledge, Skills and Abilities:
- Excellence in conducting interviews and delivering information security assessments of the current infrastructure, projects, new technologies, external service providers and information security related changes.
- Strong understanding of enterprise-level information systems and technology architectures, expertise in network security, cryptography, virtualization, cloud security concerns.
- A solid understanding of ISO2700X, PCI-DSS, ITIL is a must.
- Conceptually aware of current threats and trends, emerging information security solutions / vendor products, strong analytical skills, ability to create new business models.
- Ability to provide a clear framework for performance to higher levels of management or to project teams
- Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
- Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
- Ability to be self-directed, must be able to deliver well under pressure.
- Strong leadership skills, ability to motivate teams.
- Ability to build architecture vision, business cases & scenarios.
- Ability to cope with change, make decisions and act comfortably with risk and uncertainty.
- Strong experience in leading several projects simultaneously, ability to deliver projects on-time, on-budget.
- Excellent stakeholder management as well as the ability to negotiate and influence at all levels.
- Excellent communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.
- Ability to travel, domestic or international, as required.
Requisite Education and Experience / Minimum Qualifications
- Bachelor’s degree in information technology or management, or equivalent combination of education and experience.
- 10+ years of progressive work experience in at least three of the following domains: Security and Risk Management; Asset Security; Security Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; Software Development Security.
- 5-7 years of experience in managing a team
- CISSP, CISM or similar certification desired
- CISSP-ISSAP, TOGAF Certified, SABSA Chartered Security Architect Certifications, CCSP, AWS Certified Solutions Architect certifications are a plus
- A track record in systems integration, solutions modeling, services design is desired.