Director Information Security (m/f/d) - Identity & Access management (IAM)

Purpose & Overall Relevance for the Organization:

 

The Director Information Security role is responsible for ensuring the completeness (fitness-for-purpose) and integrity of adidas’ information security architecture, designing, documenting, delivering and improving information security solutions and building blocks, and providing consultancy for their reuse. This includes continuous monitoring and management of requirements, including information security risks, stakeholder needs, and emerging technologies.

 

The primary focus of the role is to set the IAM domain strategy, roadmap 3-5 years, review existing technologies against strategy & roadmap, create solution designs/standards/patterns, acting as the subject matter expert and guiding the design to meet the overall objectives for the information security domain.

 

This role will require Consulting and Engineering in the development and design of corporate security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.

 

This position reports directly to the Sr Director Information Security- Identity & Access management.

 

Key Responsibilities:

 

Information security

  • Develops and communicates corporate information security policy, standards and guidelines.
  • Contributes to the development of organisational strategies that address information control requirements.
  • Identifies and monitors environmental and market trends and pro-actively assesses impact on business strategies, benefits and risks.
  • Leads the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions such as legal, technical support. Ensures architectural principles are applied during design to reduce risk and drives adoption and adherence to policy, standards and guidelines.

 

Security Architecture

 

  • Set strategy and roadmap for Identity & Access management
  • Review existing IAM environment against use-cases and strategy.
  • Support the design, build and implementation of enterprise-class security systems for a production environment.
  • Align standards, frameworks and security with overall business and technology strategy.
  • Design / adapt security architecture elements to mitigate threats as they emerge.
  • Design / adapt solutions that balance business requirements with information and cyber security requirements.
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
  • Contribute to enterprise level Architecture Principles Design from the information security perspective.
  • Collaborate with, and facilitate stakeholder groups, as part of formal or informal consultancy agreements.

 

Consultancy

  • Takes responsibility for understanding client requirements, collecting data, delivering analysis and problem resolution.
  • Identifies, evaluates and recommends options, implementing if required.
  • Collaborates with, and facilitates stakeholder groups, as part of formal or informal consultancy agreements.
  • Seeks to fully address client needs, enhancing the capabilities and effectiveness of client personnel, by ensuring that proposed solutions are properly understood and appropriately exploited.

 

Specialists advise

  • Actively maintains recognized expert level knowledge in one or more identifiable specialisms.
  • Provides definitive and expert advice in their specialist area(s).
  • Oversees the provision of specialist advice by others, consolidates expertise from multiple sources, including third party experts, to provide coherent advice to further organisational objectives.
  • Supports and promotes the development and sharing of specialist knowledge within the organisation.

 

Research

  • Builds on and refines appropriate outline ideas for the evaluation, development, demonstration and implementation of research.
  • Contributes to research goals and funding proposals.
  • Collects and analyses qualitative and quantitative data as required.
  • Creates research reports to communicate research methodology, findings and conclusions.
  • Presents papers at conferences, contribute significant sections of material of publication quality, and presents reports to clients.
  • Contributes to research plans and identifies appropriate opportunities for publication and dissemination of research findings.
  • Makes an active contribution to research communities.

 

Emerging trends & technology monitoring

  • Maintain expertise by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.
  • Monitors the external environment to gather intelligence on emerging technologies.
  • Assesses and documents the impacts, threats and opportunities to the organization.
  • Creates reports and technology roadmaps and shares knowledge and insights with others.

 

Security administration

  • Monitors the application and compliance of security administration procedures and reviews information systems for actual or potential breaches in security.
  • Ensures that all identified breaches in security are promptly and thoroughly investigated and that any system changes required to maintain security are implemented.
  • Ensures that security records are accurate and complete and that request for support are dealt with according to set standards and procedures.
  • Contributes to the creation and maintenance of policy, standards, procedures and documentation for security.

 

Relationship management

  • Identifies the communications and relationship needs of stakeholder groups.
  • Translates communications/stakeholder engagement strategies into specific activities and deliverables. Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans. 
  • Provides informed feedback to assess and promote understanding.
  • Facilitates business decision-making processes.
  • Captures and disseminates technical and business information.

 

If required: People Management / Resource Management: 

  • Supports resource planning and may have full responsibility in recruiting process.
  • Implement resource plans, including conducting recruitment interviews.
  • Facilitates selection, assessment and onboarding processes, and internal resource allocation.
  • Contributes to transitioning of resources, complying with relevant statutory or external regulations and codes of good practice.
  • Ensures appropriate   leadership   skills   are   present   at   every   level   through   creating   a motivational and supportive work environment in which employees are coached, trained and provided with career opportunities through development  
  • Allocates the different work to the respective employees considering experience, complexity, workload and organizational efficiency
  • Continuously monitors and evaluates team workload and organizational efficiency with the support of IT systems, data and analysis and team feedback and makes appropriate changes to meet business needs.

 

Key Relationships: 

  • Global IT
  • Respective business function (Finance, HR, Brand Marketing, GOPS, Wholesale/Retail)
  • HR management
  • Enterprise, Domain and Solution Architects
  • (Senior) Directors of respective IT departments
  • Business and IT program and project managers
  • (Senior) Directors of Application Engineering & Support teams (development, testing, support, integration), Legal & Compliance / Data Protection

 

Requisite Education and Experience / Minimum Qualifications

  • Four-year college or university degree with focus on Business Administration or IT or related areas, or equivalent combination of education and experience 
  • Proficient spoken and written command of English  
  • 10+ years of progressive work experience in Identity & Access management (identity administration & Governance, Authorization, Authentication, PAM, PKI) and concepts of Zero Trust. Required technology knowledge in Sailpoint, Azure AD, Thycothic.
  • A track record in Identity & access management domain architecture.
  • CISSP-ISSAP, TOGAF Certified, SABSA Chartered Security Architect Certifications, CCSP, AWS Certified Solutions Architect certifications are a plus
  • Internationally Experience- ideally working abroad and mobile leadership roles for multiple years and functional/market experience in projects with a local/global perspective.

adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate the harassment or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

Job Title:  Director Information Security (m/f/d) - Identity & Access management (IAM)

Brand:  adidas
Location:  Zaragoza
TEAM:  Information Technology
State:  AR
Country/Region:  ES
Contract Type:  Full time
Number:  452328
Date:  Jun 9, 2022