Senior Information Security Architect

Shanghai | China (Peoples Republic of) | Information Technology

Purpose & Overall Relevance for the Organization:<

 <

The Senior Information Security Architect is responsible for ensuring the completeness (fitness-for-purpose) and integrity of adidas’ information security architecture, designing, documenting, delivering and improving information security solutions and building blocks, and providing consultancy for their reuse. This includes continuous monitoring and management of requirements, including information security risks, stakeholder needs, and emerging technologies,<

 <

The primary focus of the role is to maintain a specific set of technologies, designs and standards, acting as the subject matter expert and guiding the design to meet the overall objectives for the information security domain.<

 <

This role will require Consulting and Engineering in the development and design of Information security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.<

 <

This position reports directly to the Director Information Security Architecture.<

 <

Key Responsibilities: <

 <

Security Architecture<

 < <

Define and maintain the policies, standards, procedures and guidelines required to appropriately document rules and usage of related IT Security controls.< Design, build and implement enterprise-class security systems for a production environment.< Align standards, frameworks and security with overall business and technology strategy. Design / adapt security architecture elements to mitigate threats as they emerge. Design / adapt solutions that balance business requirements with information and cyber security requirements.< Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.< Contribute to enterprise level Architecture Principles Design from the information security perspective.< Netwrk security and controls for office, on-premise and hosted data centers, software-defined data centers, distribution centers, corporate WAN, retail network, site-to-site and client-to-site VPNs, wireless networks (e.g. /virtual/ routers, switches, up L4-L7 firewalls, WAF, NIDS/NIPS, network admission control, DPI, content filtering, wireless protection, etc.) ;< Cryptgraphic services (e.g. public key infrastructure, certificate and encryption key management, hardware security modules);< Endpint security solutions (e.g. anti-malware, HIPS/HIDS, host firewall, media control, EDR, application control, host DLP);< Email security slutions (e.g. anti-malware, anti-spam, email fraud defense, email encryption, email DLP);< Privilege Management Infrastructure (e.g. identity management, user directry services, /federated/ authentication services, authorization services, policy enforcement, privileged usage management),< Data Lss Prevention (information classification, labelling, data discovery, scanning, control for data in transit, in use, and at rest);< Intellectual Prperty Protection;< Autmated compliance testing, vulnerability management, threat management.< < < <

 <

Consultancy< <

Ensure and advise on how to reach compliance with information security related governance controls.< Design / adapt / contribute to technical information security standards, operational security baselines, guidelines. < Promote and guide the (re)use of information security building blocks.< Identify, evaluate and recommend options, drive the implementation of building blocks if required. Collaborate with, and facilitate stakeholder groups, as part of formal or informal consultancy agreements. Enhance security team accomplishments and competence by planning delivery of solutions; answering technical and procedural questions for less experienced team members; teaching improved processes; mentoring team members.< Contribute to architecture related information security risk management (especially to assessment and mitigation planning).< <

 <

Technical Specialism< <

Maintain an in-depth knowledge in a set of specific technology domains, and provide expert advice regarding specific information security areas.< Be able to supervise specialist technical consultancy. The specialism can be any aspect of information security technology, technique, method and product.< <

 <

Emerging trends & technology monitoring< <

Maintain expertise by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.< Keep an eye on the emerging threats and vulnerabilities to ensure that the organization’s security posture is kept up to date.< Identify new and emerging hardware and software technologies and products within the information security domain, assess their relevance and potential value to the organization, and contribute to briefings of staff and management.< Contribute to research goals, and build on and refine appropriate outline ideas for the evaluation, development, demonstration and implementation of research.< Use available resources to maintain up-to-date knowledge of the information security field.< <

 <

Requirements definition and management< <

Determine security requirements by evaluating business strategies and requirements, corresponding information security standards and regulations, conducting system security and vulnerability analysis and risk assessments, evaluating the business / information system architecture / platform, identifying integration issues, preparing cost estimates.< Select the most appropriate means of representing security requirements in the context of a specific change initiative.< Drive the requirements elicitation process where necessary, identifying what stakeholder input is required.< Obtain formal agreement from a large and diverse range of potential senior stakeholders and recipients to the scope and requirements, plus the establishment of a base-line on which delivery of a solution can commence. If necessary, take responsibility for re-evaluating requirements and facilitating changes to the architecture / program scope. Ensure that information security aspects are integrated to solution design.< <

 <

If required: People Management< <

Allocate the different work to the respective employees considering experience, complexity, workload and organizational efficiency.< Continuously monitor and evaluate team workload and organizational efficiency with the support of IT systems, data, analysis and team feedback and make appropriate changes in order to meet business needs.< <

 <

Relationship management< <

Identify the communications need of each stakeholder group in conjunction with business owners and subject matter experts.< Translate communications / stakeholder engagement strategies into specific tasks.< Facilitate open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans.< Provide informed feedback to assess and promote understanding.< <

 <

Key Relationships< <

Domain and Solution Architects< Enterprise Architects< (Senior) Directors of respective IT departments< Business and IT program and project managers< (Senior) Directors of Application Engineering & Support teams (development, testing, support, integration), Legal & Compliance / Data Protection< <

 <

Knowledge, Skills and Abilities< <

Experience in conducting interviews and delivering information security assessments of the current infrastructure, projects, new technologies, external service providers and information security related changes.< Strong understanding of enterprise-level information systems and technology architectures, expertise in network security, cryptography, virtualization, cloud security concerns.< A solid understanding of ISO2700X, PCI-DSS, ITIL is a must. Technically aware of current threats and trends, emerging information security solutions / vendor products, strong analytical skills, ability to create new business models. Ability to provide a clear framework for performance to direct reports or to project teams< Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.< Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.< Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.< Ability to work in a fast-paced environment with different international cultures.< Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.< Ability to cope with change, make decisions and act comfortably with risk and uncertainty.< Strong experience in working on several projects simultaneously, ability to deliver projects on-time, on-budget.< Strong stakeholder management as well as the ability to negotiate and influence at all levels.< Strong communication (both written and verbal in English) and facilitation skills (small and large groups), especially when interacting with different levels of business.< Ability to travel, domestic or international, as required.< <

 <

Requisite Education and Experience / Minimum Qualifications< <

Bachelor’s degree in information technology or management, or equivalent combination of education and experience.< 8+ years of progressive work experience in at least three of the following domains: Security and Risk Management; Asset Security; Security Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing; Security Operations; Software Development Security. < 3-5 years of experience in managing a team < CISSP, CISM or similar certification desired< CISSP-ISSAP, TOGAF Certified, SABSA Chartered Security Architect Certifications, CCSP, AWS Certified Solutions Architect certifications are a plus< A track record in systems integration, solutions modeling, services design is desired.< <

 <

TA16<

Apply here

adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate the harassment or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

At adidas, every day is a chance to flip the script. An invitation to take everything we know and re-invent it. Do it better. Never settling for good enough. Every day we get up, invent, adapt, improvise, find new ways to collaborate, and do the unexpected. We’re creators, makers and doers. Helping athletes make a difference, not just in their games, but in their lives and in their world. It’s an obsession.

We’ve been doing this for more than 65 years. With an unmatched history and tradition of creating iconic products, consumer connections and experiences, we’ve been defining sport culture since the beginning. And we’re never done. Come be a part of shaping the future together with us.

The Facts

Jobtitle Senior Information Security Architect
Team Information Technology
Brand adidas
Location Shanghai
Country China (Peoples Republic of)
Number 194897
Position Type Full time
Date May-24, 2019
Relocation no

Sounds great for you? We would love to have you here.

Apply here

Jobs you might be interested as well?

  • Manager Business Solutions - Retail

    Shanghai, China (Peoples Republic of) | Information Technology

    May 24 2019 - 195186
  • Senior Manager Cyber Security Incident Response

    Shanghai, China (Peoples Republic of) | Information Technology

    April 11 2019 - 192845
  • Senior Manager IT Business Solution - Corporate Solutions, APAC

    Shanghai, China (Peoples Republic of) | Information Technology

    March 28 2019 - 191873
  • Manager IT Business Solution - Corporate Solutions, APAC

    Shanghai, China (Peoples Republic of) | Information Technology

    February 25 2019 - 189041
  • Senior Software Engineer

    Shanghai, China (Peoples Republic of) | Information Technology

    November 28 2018 - 185969
  • Director Solution Architecture

    Shanghai, China (Peoples Republic of) | Information Technology

    November 28 2018 - 186703

Through sport, we have the power to change lives

adidas is a global leader in the sporting goods industry with the core brands adidas and Reebok. Headquartered in Herzogenaurach /Germany, the company employs more than 56,000 people across the globe and generated sales of € 21 billion in 2017. In Greater China, the company employs more than 5,700 people and generated sales of over € 3.7 billion in 2017. adidas China was founded in 1997 and headquartered in Shanghai, one of adidas’ six key cities across the globe. With a population of 24 million, Shanghai is the largest city in China – and eighth largest in the world. It's the country's most important center for culture, commerce, and industry. Sometimes referred to as the "Paris of the East'," Shanghai prides itself for being a fashion capital as well. Shanghai is also the headquarter of adidas Asia-Pacific market which is crucial to achieving the brand’s mission to be the best sports company in the world.

Facts about Shanghai

is looking mostly for

  • Marketing & Communications
  • Retail (Back Office)
  • Digital
  • Sales
  • Supply Chain Management
  • Product Development
  • Human Resources
  • Shanghai Fact-Sheet

  • Working Hours
    8.30 - 6.30
  • On-Site Doctor
  • Retirement Plan
  • Company Sports
  • Company Events
  • Product Discount
  • On-Site Sports Facilities
  • Local Population
    14,35 Millions
  • Number of Employees at this location
    50k

Brands in Shanghai with open positions