Senior Manager Information Security Governance (m/f/d) for Internal Controls

Herzogenaurach | Germany | Information Technology


Information Security Governance refers to our company's coordinated strategy for managing the broad issues of corporate governance, enterprise risk management and corporate compliance with regard to regulatory, internal and external requirements.

Together with your team, you are responsible for governing the effective and cost-efficient mitigation or remediation of risks that can hinder our organization's operations or our ability to remain competitive in the market. You also ensure our company's conformance with regulatory and internal requirements for IT operations and other IT/business practices.

Key Accountabilities

Security Compliance Program Management

  • Proactively identify security gaps and support business/IT stakeholders on their demands
  • Contribute to the creation of a business case that outlines a recovery compliance strategy including implementation plan, resources needed, budget and life cycle management.
  • Develop a project charter and manage to successfully deliver the assigned projects, end-to-end, ideally through applying RAP methodology effectively. Manage the execution and completion of the defined project plan through effectively coordinating people and resources.
  • Monitor the project variables (cost, effort, scope, etc.) against the project plan to implement corrective or preventative actions.
  • Ensure regular status reporting is presented to project stakeholders and your manager. Take responsibility for highlighting any project obstacles and offer solutions for corrective actions. Follow up and drive issue resolution with project stakeholders.

Services and Governance

1. IT Policy & Standard Management

  • Responsible for creating individual IT policy and standard rules within IT Compliance programs, ensuring that legal, contractual and internal rules and regulations are met. Perform quality assurance with IT stakeholders and develop the review and approval material for senior management.
  • Create awareness information and training material and provide regular update sessions with Markets and HQ. Ensure existing documents are up to date and centrally available.

2. IT Governance Framework

  • Establish a framework for the respective service (e.g. PCI, ITSCM etc.), that outlines the scope, process, roles & responsibilities, lifecycle management, training material and a communication strategy.
  • Create specific process documents including all necessary end-to-end workflows and ensure successful process implementation and lifecycle management across the organization.

3. IT Assessment Management

  • Manage assigned assessments by identifying non-compliant areas and topics for company-critical assets, IT systems, applications and processes.
  • Enter the identified IT/SCM risks and topics into the global audit and assessment database and/or security specifics into the ISMS.
  • Consult, track and follow up with issue owners to ensure they become compliant and ensure risk mitigation/remediation.

4. Service Demand Management

  • Manage the assigned task within the demand management process of Information Security Governance. This includes cross-functional alignment within Information Security and with stakeholders and requestors.

5. Contract support (Information Security)

  • Create the third-party vendor contract annexes for Information Security for Global Procurement and IT Supplier Management.

External financial audit (IT)

  • Support the Global IT SPOC for the yearly external financial audit. Coordinate the field work audit plan, organize field work kick off between IT Champs & external audit, challenge the audit field work results and align content with external audit.

Risk Acceptance

  • Support the risk acceptance process activities. Evaluate the individual risk components, compensating controls and remediation activities.

If required: People Management

  • Build the appropriate structure to be able to manage the respective organization effectively, identify and develop the future talents and create realistic succession scenarios for key positions
  • Ensure appropriate leadership skills are present at every level by creating a motivational and supportive work environment in which employees are coached, trained and provided with career opportunities through development
  • Allocate the different projects/programs and work streams to the respective teams and employees considering experience, project complexity, workload and organizational efficiency

Knowledge, Skills and Capabilities

  • Pro-active mindset, ability to think end-to-end
  • Ability to identify problems, collect data, establish facts and draw valid conclusions
  • Ability to coach, guide and manage a (project/service) team
  • Strong communication (both written and verbal) and facilitation skills (small and large groups), especially when interacting with different levels of business
  • Ability to travel, domestic or international
  • Fluent English (verbal and written)
  • Strong experience with standards work in security, such as ISO 2700x, ISO 27031/BS 25999, PCI DSS, COBIT, COSO, OWASP, HIPAA, etc.
  • Industry-recognized certification (CISA, PCI QSA/ISA, CGEIT, CRISC, etc.)
  • Ideally certified as CISSP, CISM, TISP


  1. Four-year college or university degree with focus on Information Security or related areas, or equivalent combination of education and experience
  2. Minimum of 6+ years of progressive work experience in the field of IT Compliance, Security and Governance
  3. If required: 1-3 years of experience managing a team

adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate harassment of or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

At adidas, every day is a chance to flip the script. An invitation to take everything we know and re-invent it. Do it better. Never settling for good enough. Every day we get up, invent, adapt, improvise, find new ways to collaborate, and do the unexpected. We’re creators, makers and doers. Helping athletes make a difference, not just in their games, but in their lives and in their world. It’s an obsession.

We’ve been doing this for more than 65 years. With an unmatched history and tradition of creating iconic products, consumer connections and experiences, we’ve been defining sport culture since the beginning. And we’re never done. Come be a part of shaping the future together with us.

The Facts

Job title: Senior Manager Information Security Governance (m/f/d) for Internal Controls
Team: Information Technology
Brand: adidas
Location: Herzogenaurach
Country: Germany
Number: 186934
Position Type: Full time
Date: Nov-27, 2018
Relocation: no


