Manager InfoSec Issue Management and Most Critical Framework



At adidas, our love for sport drives who we are and what we do. But just as a ball is more than leather and thread, and a show more than padding and plastic, we are bigger than our products. We don't just work to create faster shoes and lighter fabrics. We strive to help athletes everywhere perform their best. We believe that it's hard work inventing the future of sport, and that's why we love it; that when you push your limits, you

make it possible for others to push theirs.

We believe that through Sport, we have the power to change lives.

To change lives, we have to create direct relationships with consumers and the best way to accelerate building direct relationships is through Digital.



Manager InfoSec Issue Management and Most Critical Framework




At adidas, our believe is that “through sports we have the power to change lives”. Information Security plays a key role in keeping our platform and services secure to make this vision reality. Our technology and development processes are state of the art based on innovative technology and we are integrating security from the beginning to make it an integral part of our environment and culture. That gives us speed and quality for our consumers while making our teams empowered and autonomous.


As a Manager InfoSec Issue Management and Most Critical Framework in the Information Security Governance team, you will work in a team that is responsible to reach a state of continuous compliance by partnering and engaging with our technology, business and brand teams. You will achieve this by:

•             Ensuring InfoSec issues are properly rated and timely remediated following a risk-based approach.

•             Determining adidas Most Critical applications to ensure InfoSec efforts are directed on the systems which matters most to our business.



InfoSec Issue Management

•             Lead InfoSec Issue Management service ongoing operations, supporting the team as needed and interacting with key stakeholders.

•             Support InfoSec Issue Management service lead in the InfoSec Issue Management framework maintenance and service improvement plan, focusing on automation.

•             Proactively detect InfoSec issues across the whole adidas landscape throughout the usage of key InfoSec metrics and operational tools.

•             Lead InfoSec initiatives to improve our security posture on specific areas.

•             Provide advice and guidance to stakeholders on InfoSec Issue Management standards and Exception Management process.

•             Gain a deep understanding on key tools used to enrich issues’ information (e.g.: Enterprise Architecture repository, CMDB, product-led organization, etc.).

Most Critical Framework

•             Lead Most Critical Framework service ongoing operations, interacting with key stakeholders from Business and Tech.

•             Continuously improve criteria used for determining criticality of our applications, based on service roadmap, feedback and alignment with applicable regulations.

•             Execute Most Critical onboarding and offboarding procedures, ensuring required security controls are implemented and operated as per criticality status and application lifecycle.

•             Collaborate with key InfoSec stakeholders to define mandatory security requirements for Most Critical applications.

•             Define service improvements to streamline processes and automate them as much as possible by collaborating with key stakeholders.


Information Security Governance core functions

•             Interpret Information Security policies and standards, apply them to consistently manage risks and contribute to its development as required.

•             Explain purpose of Information Security control framework and provide guidance on the definition, implementation and operation of information security controls, translating technical concepts into language for broad technical and non-technical audiences.

•             Review current and proposed information systems & processes for compliance with the organization’s obligations and adherence to overall strategy.


Relationship Management

•             Build strong relationships with key stakeholders, include them into decision making and ensure their requirements are captured in the product backlog.



•             InfoSec

•             Tech

•             Product Owners (Business / Tech)

•             Business functions (Operations, Finance, HR, Brands, Sales)



•             4-year college or university degree with focus on Business Administration or IT or related areas, or equivalent combination of education and experience.

•             5+ years of experience in IT, at least 2 years of experience in Information Security.

•             Knowledgeable in information security standards or best practices (e.g.: Center for Internet Security controls framework, ISO 27001, NIST CSF, PCI DSS, etc.).

•             Knowledgeable in the classification of applications as per their criticality level, based on their business relevance and confidentiality, integrity and availability criteria.

•             Ability to lead an InfoSec related discussion on control deficiencies / vulnerabilities with technical and non-technical teams adopting a risk-based approach.

•             Hands-on experience in InfoSec Governance, Risk and Compliance solutions / Integrated Risk Management solutions is a plus (MetricStream, Archer, ServiceNow, etc.).

•             Hands-on experience in data analytics and business intelligence platforms is a plus (Power BI, Tableau, Qlik, Looker, MicroStrategy, etc.).

•             Proficient spoken and written command of English.

•             Excellent interpersonal skills.

•             Highly innovative mindset and permanently challenging the status quo.

•             Proactive, self-motivated, with the ability to work independently with minimal supervision and as a team member in a challenging and fast-paced environment.

•             Excellent analytical and problem-solving skills.

•             Skilled at preparing documentation for submission / presentation to senior leaders.

•             Able to drive change, create synergies and promote cooperation with strong customer focus and result orientation.

•             Strong collaboration in international and virtual teams, fostering a diversity and inclusion culture.



To be the best sports company in the world, you need the best talents within your teams.

If you are looking for growing professionally within adidas, we are happy to receive your application.

Check out the adidas developer portal to see our latest projects, platforms and tech stacks:

adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate the harassment or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

Job Title:  Manager InfoSec Issue Management and Most Critical Framework

Brand:  adidas
Location:  Zaragoza
TEAM:  Information Technology
State:  Z
Country/Region:  ES
Contract Type:  Full time
Number:  494944
Date:  Mar 17, 2023