Under Armour:
VP, CISO Job in Baltimore, VT
Premium
See who posted the job
Premium
Competitive Insights
Premium
Check your commute time
Closed
Baltimore, VT
Full-time
About the job
Under Armour is all about performance. Because what we make empowers athletes in every form to push themselves, to turn good into great, and to stay hungry for whatever comes next. And this is exactly what we expect from each other.
Working with us means one key thing: no matter what you do, you see every day and every project as a chance to push your field forward. In every store and every office, we build teams where everyone is an MVP. And together we tackle every challenge head on. Because we work to push the gear, the game, and ourselves farther.
We’re looking for people who do more than good work. We’re looking for the Best in Every Game.
Under Armour is the chosen brand of this generation of athletes... and the athletes of tomorrow. We're about performance - in training and on game day, in blistering heat and bitter cold. Whatever the conditions, whatever the sport, Under Armour delivers the advantage athletes have come to demand.That demand has created an environment of growth. An environment where building a great team is vital. An environment where doing whatever it takes is the baseline and going above and beyond to protect the Brand is commonplace.The world's hungriest athletes live by a code, a pledge to themselves and everyone else: Protect This House... I Will. Our goal is to Build A Great Team! Will YOU…Protect This House?!
Under Armour is the chosen brand of this generation of athletes... and the athletes of tomorrow. We're about performance - in training and on game day, in blistering heat and bitter cold. Whatever the conditions, whatever the sport, Under Armour delivers the advantage athletes have come to demand.
That demand has created an environment of growth. An environment where building a great team is vital. An environment where doing whatever it takes is the baseline and going above and beyond to protect the Brand is commonplace.
The world's hungriest athletes live by a code, a pledge to themselves and everyone else: Protect This House... We Will. Our goal is to Build A Great Team!
Boasting a retail and sourcing presence for its footwear and apparel business in more than 100 countries, the world’s largest digital fitness and wellness community, and technology innovation that combines digital and physical products in new ways, Under Armour is a fast-growing, technology-driven company with information assets spanning the globe. We are seeking a Chief Information Security Officer with the technical experience, policy acumen and inter-personal skills necessary to PROTECT THIS HOUSE.
Summary
The Chief Information Security Officer is responsible for the organization's development and enforcement of security policy and strategy.
The Chief Information Security Officer is responsible for: Establishing, implementing and maintaining an enterprise wide information security program to ensure that Under Armour information assets are adequately protected; Identifying, evaluating, responding to and reporting on information security risks and incidents in a manner that meets or exceeds compliance and regulatory requirements; Managing and developing specialized security teammates; and Communicating across the enterprise, among executives and to the Board.
The scope these responsibilities will encompass applications and infrastructure across all IT and Digital/mobile application assets and related security risk management activities. In this role, you will be the owner of all ongoing activities related to advancing UA’s digital security posture; for the availability, integrity and confidentiality of customer, business partner, employee and business information; and for compliance with the organization's global legal data protection obligations You will influence and work with executive management, engineering and product teams to determine acceptable levels of risk for the organization and establish best practices for the business globally. To do that, you must be highly knowledgeable about the broad UA business, its innovation strategy, global product and digital operational environment and the threat landscape to ensure that Under Armour’s intellectual property, sensitive information and information systems are fully functional and secure.
Essential Duties and Responsibilities include the following:
GENERAL DUTIES: Develop, deploy, monitor, approve and oversee the implementation and maintenance of an enterprise-wide information security strategy and program to protect both Under Armour’s global operational information and systems, Connected Fitness user data, Intellectual Property and other information entrusted to the organization with our business partners. The Information Security Program may require the candidate to:
Maintain current understanding of cyber threats to the industry, and direct and approve implementation of security policies, technologies and systems to ensure security by design in context
Develop, implement and monitor a strategic, comprehensive enterprise information security architecture, policies, organization and risk management program.
Manage, develop, and mentor a broad operational team responsible for Information Security and within IT and the Digital business; Oversee and set key performance metrics and other goals and objectives for these teams.
Develop and manage information security budgets and monitor them for variances
Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
Develop and implement an information security detection system that correlates logs across IT systems
Work directly with the business units to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and ensure access controls based on roles and responsibilities with regard to information classification and protection.
Provide strategic and tactical guidance for all IT and Digital business projects, including the evaluation and recommendation of physical, technical, administrative and other security controls.
Liaise with the enterprise and digital product architecture teams to ensure alignment with broad security architectures, thus coordinating the strategic planning implicit in these architectures.
Ensure that security programs are in compliance with applicable standards, laws, regulations and policies to minimize or eliminate risk and audit findings. (E.g., GDPR, PCI, the Sarbanes-Oxley Act, etc.)
Liaise between the information security team, Legal, Executive leaders, HR and other teams as required.
Create and facilitate the information security risk assessment process, including training, testing, reporting and remediation efforts.
Manage security incidents and events to protect corporate assets, including consumer and user data, intellectual property, fixed assets and Brand reputation.
Coordinate the use of external resources involved in the information security program.
Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
Co-Lead Data Incident Response Team with Deputy General Counsel to advance and, when necessary, execute the Data Incident Response Plan
Qualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
15+ years of experience in cyber and information security, information technology risk management, with significant experience in information technology control standards and processes. Consumer markets experience preferred.
In-depth knowledge of all CISO functions to include, but not
Working with us means one key thing: no matter what you do, you see every day and every project as a chance to push your field forward. In every store and every office, we build teams where everyone is an MVP. And together we tackle every challenge head on. Because we work to push the gear, the game, and ourselves farther.
We’re looking for people who do more than good work. We’re looking for the Best in Every Game.
Under Armour is the chosen brand of this generation of athletes... and the athletes of tomorrow. We're about performance - in training and on game day, in blistering heat and bitter cold. Whatever the conditions, whatever the sport, Under Armour delivers the advantage athletes have come to demand.That demand has created an environment of growth. An environment where building a great team is vital. An environment where doing whatever it takes is the baseline and going above and beyond to protect the Brand is commonplace.The world's hungriest athletes live by a code, a pledge to themselves and everyone else: Protect This House... I Will. Our goal is to Build A Great Team! Will YOU…Protect This House?!
Under Armour is the chosen brand of this generation of athletes... and the athletes of tomorrow. We're about performance - in training and on game day, in blistering heat and bitter cold. Whatever the conditions, whatever the sport, Under Armour delivers the advantage athletes have come to demand.
That demand has created an environment of growth. An environment where building a great team is vital. An environment where doing whatever it takes is the baseline and going above and beyond to protect the Brand is commonplace.
The world's hungriest athletes live by a code, a pledge to themselves and everyone else: Protect This House... We Will. Our goal is to Build A Great Team!
Boasting a retail and sourcing presence for its footwear and apparel business in more than 100 countries, the world’s largest digital fitness and wellness community, and technology innovation that combines digital and physical products in new ways, Under Armour is a fast-growing, technology-driven company with information assets spanning the globe. We are seeking a Chief Information Security Officer with the technical experience, policy acumen and inter-personal skills necessary to PROTECT THIS HOUSE.
Summary
The Chief Information Security Officer is responsible for the organization's development and enforcement of security policy and strategy.
The Chief Information Security Officer is responsible for: Establishing, implementing and maintaining an enterprise wide information security program to ensure that Under Armour information assets are adequately protected; Identifying, evaluating, responding to and reporting on information security risks and incidents in a manner that meets or exceeds compliance and regulatory requirements; Managing and developing specialized security teammates; and Communicating across the enterprise, among executives and to the Board.
The scope these responsibilities will encompass applications and infrastructure across all IT and Digital/mobile application assets and related security risk management activities. In this role, you will be the owner of all ongoing activities related to advancing UA’s digital security posture; for the availability, integrity and confidentiality of customer, business partner, employee and business information; and for compliance with the organization's global legal data protection obligations You will influence and work with executive management, engineering and product teams to determine acceptable levels of risk for the organization and establish best practices for the business globally. To do that, you must be highly knowledgeable about the broad UA business, its innovation strategy, global product and digital operational environment and the threat landscape to ensure that Under Armour’s intellectual property, sensitive information and information systems are fully functional and secure.
Essential Duties and Responsibilities include the following:
GENERAL DUTIES: Develop, deploy, monitor, approve and oversee the implementation and maintenance of an enterprise-wide information security strategy and program to protect both Under Armour’s global operational information and systems, Connected Fitness user data, Intellectual Property and other information entrusted to the organization with our business partners. The Information Security Program may require the candidate to:
Maintain current understanding of cyber threats to the industry, and direct and approve implementation of security policies, technologies and systems to ensure security by design in context
Develop, implement and monitor a strategic, comprehensive enterprise information security architecture, policies, organization and risk management program.
Manage, develop, and mentor a broad operational team responsible for Information Security and within IT and the Digital business; Oversee and set key performance metrics and other goals and objectives for these teams.
Develop and manage information security budgets and monitor them for variances
Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
Develop and implement an information security detection system that correlates logs across IT systems
Work directly with the business units to facilitate information risk analysis and risk management processes, identify acceptable levels of risk, and ensure access controls based on roles and responsibilities with regard to information classification and protection.
Provide strategic and tactical guidance for all IT and Digital business projects, including the evaluation and recommendation of physical, technical, administrative and other security controls.
Liaise with the enterprise and digital product architecture teams to ensure alignment with broad security architectures, thus coordinating the strategic planning implicit in these architectures.
Ensure that security programs are in compliance with applicable standards, laws, regulations and policies to minimize or eliminate risk and audit findings. (E.g., GDPR, PCI, the Sarbanes-Oxley Act, etc.)
Liaise between the information security team, Legal, Executive leaders, HR and other teams as required.
Create and facilitate the information security risk assessment process, including training, testing, reporting and remediation efforts.
Manage security incidents and events to protect corporate assets, including consumer and user data, intellectual property, fixed assets and Brand reputation.
Coordinate the use of external resources involved in the information security program.
Develop business-relevant metrics to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation and increase the maturity of the security program.
Co-Lead Data Incident Response Team with Deputy General Counsel to advance and, when necessary, execute the Data Incident Response Plan
Qualifications To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
15+ years of experience in cyber and information security, information technology risk management, with significant experience in information technology control standards and processes. Consumer markets experience preferred.
In-depth knowledge of all CISO functions to include, but not