adidas is an equal opportunity employer and we are committed to fostering an inclusive workplace. We welcome applications from people of all ages, genders (incl. gender identity), ethnic and social backgrounds, nationalities, sexual orientations, religions and beliefs, and those with apparent or non-apparent disabilities*. We do not tolerate harassment or discrimination toward any of our applicants or employees.

*We actively encourage individuals with disabilities to apply and will provide reasonable accommodations throughout the recruitment process.

The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability, and relevant compliance of information systems with legislation, regulation, and relevant standards.

Key Responsibilities:

Information security

• Provides advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
• Identify and Manage dependencies in complex SAP projects
• Provide or design security guidelines, guardrails, blueprints, best practices, key design principles, testing strategies
• Provide program related security consultancy needs on demand to product teams and other horizontal teams
• Obtains and acts on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems.
• Investigates major breaches of security and recommends appropriate control improvements.

Specialist advice

• Actively maintains recognized expert level knowledge in one or more identifiable specialisms.
• Provides definitive and expert advice in their specialist area(s).
• Oversees the provision of specialist advice by others, consolidates expertise from multiple sources, including third party experts, to provide coherent advice to further organizational objectives.
• Supports and promotes the development and sharing of specialist knowledge within the organization.

Research

• Within given research goals, builds on and refines appropriate outline ideas for research, including evaluation, development, demonstration, and implementation.
• Applies standard methods to collect and analyses quantitative and qualitative data.
• Creates research reports to communicate research methodology and findings and conclusions. Contributes sections of material of publication quality.
• Uses available resources to update knowledge of any relevant field and curates a personal collection of relevant material.
• Participates in research communities.

Emerging technology monitoring

• Supports monitoring of the external environment and assessment of emerging technologies to evaluate the potential impacts, threats, and opportunities to the organization.
• Contributes to the creation of reports, technology road mapping and the sharing of knowledge and insights.

Security administration

• Maintains security administration processes and checks that all requests for support are dealt with according to agreed procedures.
• Provides guidance in defining access rights and privileges.
• Investigates security breaches in accordance with established procedures and recommends required actions and supports / follows up to ensure these are implemented.

Digital forensic

• Contributes to digital forensic investigations.
• Processes and analyses evidence in line with policy, standards and guidelines and supports production of forensics findings and reports.

Penetration testing

• Maintains current knowledge of malware attacks, and other cyber security threats.
• Creates test cases using in-depth technical analysis of risks and typical vulnerabilities.
• Produces test scripts, materials, and test packs to test new and existing software or services.
• Specifies requirements for environment, data, resources, and tools.
• Interprets, executes, and documents complex test scripts using agreed methods and standards.
• Records and analyses actions and results.
• Reviews test results and modifies tests if necessary.
• Provides reports on progress, anomalies, risks, and issues associated with the overall project.
• Reports on system quality and collects metrics on test cases.
• Provides specialist advice to support others.

Relationship management

• Implements stakeholder engagement/communications plan.
• Deals with problems and issues, managing resolutions, corrective actions, lessons learned and the collection and dissemination of relevant information.
• Collects and uses feedback from customers and stakeholders to help measure effectiveness of stakeholder management.
• Helps develop and enhance customer and stakeholder relationships.

People Management / Resource Management: 

• Is involved in recruiting process and proposes support for hiring decision and pre-selection of candidates
• Allocates the different work to the respective employees considering experience, complexity, workload, and organizational efficiency
• Continuously monitors and evaluates team workload and organizational efficiency with the support of IT systems, data and analysis and team feedback and makes appropriate changes to meet business needs.
• Provides team members/direct reports with clear direction and targets that are aligned with business needs and GIT objectives

Key Relationships:

• Global IT
• Respective business function (GOPS, Finance, HR, Brand Marketing, Wholesale/Retail)
• HR Management
• Controlling

Requisite Education and Experience / Minimum Qualifications:

• Four-year college or university degree with focus on IT or related areas, or equivalent combination of education and experience
• Expert level knowledge in SAP technologies and SAP Security including but not limited to:

• SAP hardening:
• Data protection
• Identity and access management
• SAP BASIS
• Integrations
• SAP ABAP Security
• SAP Cloud technologies e.g. BTP, IBP, SAP FIORI, IBP..etc

Nice to have:

• Experience with SAP security tools, SIEM solutions, ABAP code security scanner
• Proficient spoken and written command of English
• At least 7-year experience in IT
• 5 years of experience in relevant area
• 2 years of experience in team management
• Strong understanding & knowledge of regional and global market landscape and the respective customer 
• Managed critical elements and cross functional and regional projects
• CISM, CISSP, CISA or other equivalent Security certifications