Director Cyber Security Incident Response

Shanghai | Greater China | Information Technology

Purpose & Overall Relevance for the Organization:

Protect the enterprise against potential cyber-attacks. Play a key leadership role in all CSIRT (Cyber Security Incident Response Team) activities, responding to potential security incidents and proactively implementing detection/avoidance mechanisms.

The Senior Manager Cyber Security Incident Response proactively contributes to the safety and security of the digital ecosystem by providing expertise, consultancy and strategic advice. The aim is to safeguard the company’s brand and assets by ensuring the continuity of IT services.

Key Responsibilities:

Information management

  • Understands and complies with relevant organizational policies and procedures, taking responsibility for assessing and managing risks around the use of information.
  • Ensures that information is presented effectively.
  • Ensures that effective controls are in place for internal delegation, audit and control and that the board receives timely reports and advice that will inform their decisions.

Information Security

  • Communicates information security risks and issues to business managers and others.
  • Performs basic risk assessments for small information systems.
  • Contributes to vulnerability assessments.
  • Applies and maintains specific security controls as required by organisational policy and local risk assessments.
  • Takes action to respond to security breaches in line with security policy and records the incidents and action taken.

Information assurance

  • Interprets information assurance and security policies and applies these in order to manage risks.
  • Provides advice and guidance to ensure adoption of and adherence to information assurance architectures, strategies, policies, standards and guidelines.
  • Uses testing to support information assurance.
  • Contributes to the development of policies, standards and guidelines.

Research and training

  • Participate in training and research to ensure that technical skill set stays current with modern practices and methodologies. This should include conferences and online training as well as knowledge transfer to the team via internal training, documentation and process development and maintenance.
  • Within given research goals, builds on and refines appropriate outline ideas for research, i.e. evaluation, development, demonstration and implementation.
  • Uses available resources to gain an up-to-date knowledge of any relevant field.
  • Reports on work carried out and may contribute sections of material of publication quality.

Business process improvement

  • Analyses business processes; identifies alternative solutions, assesses feasibility, and recommends new approaches.
  • Contributes to evaluating the factors which must be addressed in the change program.
  • Helps establish requirements for the implementation of changes in the business process.

Requirements definition and management

  • Facilitates scoping and business priority-setting for change initiatives of medium size and complexity.
  • Contributes to selection of the most appropriate means of representing business requirements in the context of a specific change initiative, ensuring traceability back to source.
  • Discovers and analyses requirements for fitness for purpose as well as adherence to business objectives and consistency, challenging positively as appropriate.
  • Obtains formal agreement by stakeholders and recipients to scope and requirements and establishes a base-line on which delivery of a solution can commence.
  • Manages requests for and the application of changes to base-lined requirements. Identifies the impact on business requirements of interim (e.g. migration) scenarios as well as the required end position.

Business process testing

  • Specifies and develops test scenarios to test that new/updated processes deliver improved ways of working for the end user at the same time as delivering efficiencies and planned business benefits.
  • Records and analyses test results, and reports any unexpected or unsatisfactory outcomes.
  • Uses test plans and outcomes to specify user instructions.

Security administration

  • Maintains security administration processes and checks that all requests for support are dealt with according to agreed procedures.
  • Provides guidance in defining access rights and privileges.
  • Investigates security breaches in accordance with established procedures and recommends required actions and supports / follows up to ensure these are implemented.

Penetration testing

  • Maintains current knowledge of malware attacks, and other cyber security threats.
  • Creates test cases using in-depth technical analysis of risks and typical vulnerabilities.
  • Produces test scripts, materials and test packs to test new and existing software or services.
  • Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards.

Problem management

  • Initiates and monitors actions to investigate and resolve problems in systems, processes and services.
  • Determines problem fixes/remedies.
  • Assists with the implementation of agreed remedies and preventative measures.

Incident management

  • Prioritises and diagnoses incidents according to agreed procedures.
  • Investigates causes of incidents and seeks resolution.                                                        
  • Escalates unresolved incidents.                                                        
  • Facilitates recovery, following resolution of incidents.
  • Documents and closes resolved incidents according to agreed procedures.

Digital forensics

  • Contributes to digital forensic investigations.
  • Processes and analyses computer evidence in line with policy, standards and guideline and supports production of forensics findings and reports.

Relationship management

  • Implements stakeholder engagement/ communications plans, including, for example; handling of complaints; problems and issues; managing resolutions; corrective actions and lessons learned; collection and dissemination of relevant information.
  • Uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management. Helps develop and enhance customer and stakeholder relationships.

Security Awareness

  • Provide technical support and work closely with different departments for running Security Awareness Program



Key Relationships:

  • Global IT
  • IT Senior Management Team (SVP/VP)
  • Respective business function (GOPS, Finance, HR, Brand Marketing, Wholesale/Retail)
  • Business and IT program and project managers
  • HR Management
  • Controlling
  • Legal and Compliance
  • Data Protection

Knowledge, Skills and Abilities:

  • Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
  • Business- and solution-oriented, global mindset of strategic orientation, with ability to act tactically as required.
  • Ability to be self-directed while working under tight deadlines, must be able to perform well under pressure.
  • Ability to work in a fast-paced environment with different international cultures.
  • Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
  • Ability to cope with change, make decisions and act comfortably with risk and uncertainty
  • Extensive knowledge of incident response and digital forensics
  • Experience with standards work in security, such as ISO, ANSI, IETF, etc.
  • Substantial knowledge of information security practices and technology
  • Knowledge of internetworking, including TCP/IP, IPsec, routers, IP internetwork configuration and application
  • Basic level of understanding in Compliance (PCI, CoBIT)
  • Good Project management skills

Requisite Education and Experience / Minimum Qualifications:

  • Graduate degree in computer or electrical engineering, mathematics, computer science, Information Security, Business Informatics or similar
  • At least 8 years working experience in Information Security, with focus in Security Incident Response, Forensics, - and Cyber Security investigations
  • CISSP, GCIH, GPEN, GMON, CEH or similar certification is desired
  • At least 5 years’ experience in digital forensics


Apply here

adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate the harassment or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

At adidas, every day is a chance to flip the script. An invitation to take everything we know and re-invent it. Do it better. Never settling for good enough. Every day we get up, invent, adapt, improvise, find new ways to collaborate, and do the unexpected. We’re creators, makers and doers. Helping athletes make a difference, not just in their games, but in their lives and in their world. It’s an obsession.

We’ve been doing this for more than 65 years. With an unmatched history and tradition of creating iconic products, consumer connections and experiences, we’ve been defining sport culture since the beginning. And we’re never done. Come be a part of shaping the future together with us.

The Facts

Jobtitle Director Cyber Security Incident Response
Team Information Technology
Brand adidas
Location Shanghai
Location Greater China
Number 192845
Position Type Full time
Date Apr-11, 2019
Relocation no

Sounds great for you? We would love to have you here.

Apply here

Jobs you might be interested as well?

  • Senior Manager Business Solutions - BI&AA

    Shanghai, Greater China | Information Technology

    July 30 2019 - 199224
  • Director Information Security Architect

    Shanghai, Greater China | Information Technology

    May 24 2019 - 194897
  • Manager Business Solutions - Retail

    Shanghai, Greater China | Information Technology

    May 24 2019 - 195186
  • Senior Manager IT Business Solution - Corporate Solutions, APAC

    Shanghai, Greater China | Information Technology

    March 28 2019 - 191873
  • Manager IT Business Solution - Corporate Solutions, APAC

    Shanghai, Greater China | Information Technology

    February 25 2019 - 189041