
Senior Manager Information Security -Governance

Purpose & Overall Relevance for the Organization:

 

The Senior Manager Information Security will drive application security assessments and secure DevOps processes, along with other key security disciplines, throughout the adidas technology organization. This team will aid in establishing secure coding practices, help determine what good security looks like, and perform security assessments. This position is critical to establishing and maintaining secure systems while simultaneously promoting a culture of rapid and reliable software and infrastructure across the company. The team will work with various development and operations teams throughout adidas.

 

This role will require consulting and engineering in the development and design of security best practices and the implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.

 

Key Responsibilities:

 

  • Understand complex business problems and develop solutions using Secure SDLC methodologies.
  • Understand technical and business requirements to develop tactical and strategic roadmaps to address and implement Secure SDLC controls (data privacy, SAST, DAST, etc.).
  • Mentor engineers, solution architects and technical leads to help build effective engineering practices.
  • Perform threat modelling using tools and otherwise.
  • Integrate security control design, implementation, and testing into the DevOps offerings.
  • Manage business requirements, scope and schedule and full cycle development and implementation.
  • Collaborate with the Consultants and Developers to understand any changes or new development efforts to ensure compatibility with existing orchestration framework.
  • Be a trusted automation and tooling advisor for DevSecOps initiatives by providing objective, practical and relevant ideas, insights and advice.
  • Plan, organize, and control multiple responsibilities to achieve objectives; technically guide cyclical and project activities through to completion.
  • Ensure deliverables are completed within target timeframes and are consistently of high-quality.
  • Work with teams to bring continuous improvement from a security perspective to application lifecycle management processes and tools.
  • Continually research, evaluate, and apply emerging security technologies to improve business outcomes.
  • Perform high- and low-level application security testing. Duties primarily consist of running automated scanners, using advanced attack and assessment methodologies, and reviewing source code to thoroughly evaluate the security of target applications. Other duties include meeting with application owners prior to assessment, correlating resulting data for delivery, and validating vulnerability mitigation.
  • Enhance IT security and controls in response to increased internal and external web applications as well as legal and regulatory requirements.
  • Create and maintain an application test vulnerability and risk assessment database.
  • Develop and maintain an IT security application testing strategy, policies, standards, and architecture.
  • Perform application tests remotely and onsite to help ensure audit, regulatory and policy satisfaction.
  • Provide support within the Global IT Security team on all application testing matters.

 

Knowledge, Skills and Abilities:

  • Strong knowledge of Cloud, CI/CD Pipeline Components
  • Expertise in the deconstruction of application stacks associated with bare-metal, SaaS, and PaaS architectures
  • Understanding of how to detect and remedy security issues associated with OWASP Top 10
  • Pentest experience
  • Experience with static and dynamic application security testing tools (SAST and DAST)
  • Deep understanding of the AWS security model
  • Experience setting up CI/CD pipelines on microservices using CI/CD and automation tools and components like Terraform, CloudFormation, Puppet, Jenkins, Selenium, BitBucket, Ansible, etc.
  • Have implemented DevOps processes and tools
  • Able to identify systemic security issues based on the analysis of vulnerability and configuration data
  • Knowledge of secure coding techniques
  • Knowledge of RESTful API integration in at least one functional area (e.g., Cloud, CI/CD Pipeline Components and Authentication)
  • Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end
  • Understanding of the PCI-DSS requirements and when and how they should be implemented within business systems and processes
  • Ability to be self-directed while working under tight deadlines
  • Ability to work in a fast-paced environment with different international cultures
  • Business- and solution-oriented, global mindset
  • Ability to define problems, collect data, establish facts and draw valid conclusions
  • Ability to cope with change, make decisions and act comfortably with risk and uncertainty
  • Expert knowledge of respective business processes and IT systems
  • Strong strategic thinking and planning skills
  • Strong experience in working on several projects simultaneously
  • Strong communication (both written and verbal) and facilitation skills (small and large groups) especially when interacting with different levels of business
  • Ability to travel, domestic or international, as required
  • Fluent English (verbal and written)

 

 

 

Requisite Education and Experience / Minimum Qualifications:

  • Bachelor’s degree in an appropriate field, such as information technology, electrical engineering, mathematics or equivalent combination of education and experience
  • Minimum of 8+ years of progressive work experience in large-scale (IT) projects or program management or large-scale application service responsibility
  • Strong understanding of enterprise-level networks, networking protocols, devices, and architecture 
  • Strong background in creating secure cloud architectures for Internet-facing applications.
  • Strong stakeholder management as well as the ability to negotiate and influence at all levels
  • Sound understanding of emerging technologies and how these can create new business models
  • Strong analytical skills
  • Ability to deliver projects on-time, on-budget
  • Must be able to perform well under pressure
  • Extensive knowledge of distributed data networking technologies and systems
  • Experience working with various compliance standards such as PCI, COBIT, NIST, etc.
  • 3-4 years as a code reviewer and programmer, with strengths in application testing and code evaluation.
  • Good project management skills

 

adidas celebrates diversity, supports inclusiveness and encourages individual expression in our workplace. We do not tolerate harassment or discrimination toward any of our applicants or employees. We are an Equal Opportunity Employer.

Job Title:  Senior Manager Information Security -Governance

Brand:  adidas
Location:  Shanghai
TEAM:  Information Technology
State:  SH
Country/Region:  CN
Contract Type:  Full time
Number:  358870
Date:  Oct 16, 2021