DevSecOps Engineer
adidas
Zaragoza, Z, ES
hace 2 días

Purpose & Overall Relevance for the Organization :

The Information Security Architect is designing, documenting, delivering and improving information security solutions and building blocks, and providing consultancy for their reuse.

This includes continuous monitoring and management of requirements, including information security risks, stakeholder needs, and emerging technologies.

The primary focus of the role is to maintain a specific set of technologies, designs and standards, acting as a subject matter expert and contributing to the design to meet the overall objectives for the information security domain.

This role will require Consulting and Engineering in the development and design of Corporate security best practices and implementation of solid security principles across the organization, to meet business goals along with customer and regulatory requirements.

This position reports directly to the Director Information Security Architecture.

Key Responsibilities :

Security Architecture

  • Define and maintain the policies, standards, procedures and guidelines required to appropriately document rules and usage of related IT Security controls.
  • Design, build and implement enterprise-class security systems for a production environment.
  • Align standards, frameworks and security with overall business and technology strategy.
  • Design / adapt security architecture elements to mitigate threats as they emerge.
  • Design / adapt solutions that balance business requirements with information and cyber security requirements.
  • Identify security design gaps in existing and proposed architectures and recommend changes or enhancements.
  • Plan security systems by evaluating network and security technologies adhering to industry standards; maintaining requirements and architecture designs for amongst others :
  • Network security and controls for office, on-premise and hosted data centers, software-defined data centers, distribution centers, corporate WAN, retail network, site-to-site and client-to-site VPNs, wireless networks (e.
  • g. / virtual / routers, switches, up L4-L7 firewalls, WAF, NIDS / NIPS, network admission control, DPI, content filtering, wireless protection, etc.);
  • Cryptographic services (e.g. public key infrastructure, certificate and encryption key management, hardware security modules);
  • Endpoint security solutions (e.g. anti-malware, HIPS / HIDS, host firewall, media control, EDR, application control, host DLP);
  • Email security solutions (e.g. anti-malware, anti-spam, email fraud defense, email encryption, email DLP);
  • Privilege Management Infrastructure (e.g. identity management, user directory services, / federated / authentication services, authorization services, policy enforcement, privileged usage management),
  • Data Loss Prevention (information classification, labelling, data discovery, scanning, control for data in transit, in use, and at rest);
  • Intellectual Property Protection;
  • Automated compliance testing, vulnerability management, threat management.
  • Consultancy

  • Ensure and advise on how to reach compliance with information security related governance controls.
  • Design / adapt / contribute to technical information security standards, operational security baselines, guidelines.
  • Promote and guide the (re)use of information security building blocks.
  • Identify, evaluate and recommend options, drive the implementation of building blocks if required.
  • Collaborate with, and facilitate stakeholder groups, as part of formal or informal consultancy agreements.
  • Contribute to architecture related information security risk management (especially to assessment and mitigation planning).
  • Technical Specialism

  • Gain and maintain an in-depth knowledge in a set of specific technology domains, and provide expert advice regarding specific information security areas.
  • Emerging trends & technology monitoring

  • Maintain expertise by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.
  • Identify new and emerging hardware and software technologies and products within the information security domain, assess their relevance and potential value to the organization.
  • Contribute to research goals.
  • Use available resources to maintain up-to-date knowledge of the information security field.
  • Requirements definition and management

  • Determine security requirements by evaluating business requirements, corresponding information security standards and regulations, conducting system security and vulnerability analysis and risk assessments, evaluating the information system architecture / platform, identifying integration issues.
  • Select the most appropriate means of representing security requirements in the context of a specific change initiative.
  • Drive the requirements elicitation process where necessary, identifying what stakeholder input is required.
  • Ensure that information security aspects are integrated to solution design.
  • Relationship management

  • Identify the communications need of each stakeholder group in conjunction with business owners and subject matter experts.
  • Translate communications / stakeholder engagement strategies into specific tasks.
  • Provide informed feedback to assess and promote understanding.
  • Key Relationships

  • Domain and Solution Architects
  • Enterprise Architects
  • Business and IT program and project managers
  • Senior Managers of Application Engineering & Support teams (development, testing, support, integration), Legal & Compliance / Data Protection
  • Knowledge, Skills and Abilities

  • Experience in conducting interviews and delivering information security assessments of the current infrastructure, projects, new technologies, external service providers and information security related changes.
  • Solid understanding of enterprise-level information systems and technology architectures, network security, cryptography, virtualization, cloud security concerns.
  • A basic understanding of ISO2700X, PCI-DSS, ITIL standards.
  • Technically aware of current threats and trends, emerging information security solutions / vendor products.
  • Pro-active (engaging & impact-oriented) mindset, ability to think end-to-end.
  • Ability to work in a fast-paced environment with different international cultures.
  • Ability to define problems, collect data, establish facts, carry out logical analysis, and draw valid conclusions.
  • Ability to work on several projects simultaneously, ability to deliver projects on-time, on-budget.
  • Strong communication skills (both written and verbal in English).
  • Ability to travel, domestic or international, as required.
  • Requisite Education and Experience / Minimum Qualifications

  • Bachelor’s degree in information technology or management, or equivalent combination of education and experience.
  • 3+ years of progressive work experience in at least two of the following domains : Security and Risk Management; Asset Security;
  • Security Engineering; Communications and Network Security; Identity and Access Management; Security Assessment and Testing;
  • Security Operations; Software Development Security.

  • CISSP, CISM, CISSP-ISSAP, TOGAF Certified, SABSA Chartered Security Architect Certifications, ITIL, CCSP, AWS Certified Solutions Architect certifications are a plus
  • A track record in systems integration, solutions modeling, services design is a plus.
  • Not the right job for you? There are thousands of opportunities at

    adidas around the world. Find the one with your name on it.

    Want to get a behind the scenes look at our offices?

    adidas Careers

    THROUGH SPORT, WE HAVE THE POWER TO CHANGE LIVES

    www.careers.adidas-group.com

    Reportar esta oferta
    checkmark

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Inscribirse
    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Continuar
    Formulario de postulación