Director Information Security Architect

Key Responsibilities:

Security Architecture

  • Interpret relevant security policies and threat/risk profiles into secure architectural solutions that mitigate the risks and conform to legislation and regulations, and relate to business needs.
  • Apply common architectural frameworks (e.g. TOGAF, SABSA).
  • Applies security architecture principles to networks, IT systems, infrastructures and products.
  • Present security architecture solutions as a view within broader IT architectures.
  • Maintain awareness of the security advantages and vulnerabilities of common products and technologies.
  • Design robust and fault-tolerant security mechanisms and components appropriate to the perceived risks.
  • Develop and implement appropriate methodologies, templates, patterns and frameworks.
  • Devise standard solutions that address requirements delivering specific security functionality whether for a business solution or for a product.
  • Apply Enterprise Information Security Architectural principles in new and complex situations.
  • Recommend appropriate tools and how to apply those tools to achieve the required Enterprise Information Security Architecture.
  • Has a broad understanding of security vulnerabilities and the techniques for applying effective controls.
  • Apply security architectural principles to new and complex networks, infrastructure and systems and able to bring structure to disparate systems.
  • Supervise and coach less experienced practitioners.

Broader Security

  • Balance local (region or project) and Global Information Security Governance processes
  • Undertake Information Security Governance tasks under supervision.
  • Recognise and address non-compliance and make recommendations for change.
  • Contribute to local or global policies.
  • Apply recognised standards (e.g. ISO/IEC 27017).
  • Conceive and deliver business improvement through the application of Information Security
  • Persuade senior stakeholders to invest in Information Security.
  • Materially contribute to improving Information Security awareness by developing and delivering training sessions.
  • Recognise and report non-compliances with applicable legislation and regulation.
  • Update Information Security policies and standards to comply with legislation and regulation with minimal supervision.
  • Contribute to developing or maintaining compliance by third parties to adidas Information Security policies and standards, e.g. by specifying or verifying requirements.
  • Undertake complex risk assessments to inform the risk management process.
  • Contribute to regional information risk management plans.
  • Contribute to security evaluation of software / services.
  • Understand local (organisation or project) policies and processes relating to the protection of personal data.
  • Support personal data protection tasks.
  • Support tasks relating to personal privacy.
  • Take appropriate and timely action to develop and maintain personal Information Security knowledge and expertise.

Stakeholder Management

  • Work effectively in teams, either as a member or leader.
  • Encourage and support others to meet objectives and to develop as Information Security professionals.
  • Is a leader on Information Security issues, both in APAC and across adidas.
  • Provide technical leadership in security architecture.
  • Understand country, APAC and global business aims and use this knowledge to maximise the cost effectiveness of Information Security.
  • Contribute to the development of cost-effective corporate Information Security strategy
  • Take action to achieve greater corporate efficiency in line with strategic aims.
  • Take reasoned decisions on Information Security based on business aims and influences
  • Proactively share good practice and expertise with colleagues.
  • Contribute effectively to debates and complex discussion demonstrating well reasoned arguments and conclusions to negotiate effectively on Information Security issues.
  • Adapt communication style to suit audience, developing effective mechanisms to disseminate information to colleagues.


Requisite Education and Experience / Minimum Qualifications:

  • Bachelor’s degree in an appropriate field, such as information technology or management, or equivalent combination of education and experience
  • Minimum of 12+ years of progressive work experience in large-scale (IT) programmes or large-scale application service responsibility
  • CISSP, CISM and/or AWS, Azure security certifications desired
  • Strong understanding of enterprise-level networks, networking protocols, devices, and architecture 
  • Experience in NIDS/HIDS, SEIM, Log Management, Patch Management, Vulnerability Management, eDiscovery, Virtual Machine Security
  • Experience in Security Architecture, Policies & Standards, Risk Management, Incident Handling and Response, Information Classification
  • Track record of delivering projects on-time, on-budget and performing well under pressure



adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate the harassment or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

Job Title:  Director Information Security Architect

Brand:  adidas
Location:  Shanghai
TEAM:  Information Technology
Country/Region:  CN
Contract Type:  Full time
Number:  194897