Who We Are:
Brooks is a team of passionate people united by a desire to do meaningful work, lead healthy lives and make a difference. We share a focused mission: to inspire everyone to run and be active. That’s it. No distractions—it’s all about the run. Through science, creativity, service, authenticity and connection, we obsess over delivering the best running gear on the planet. We do it our way, with our unique spirit, with a goal of being more relevant to runners than any other brand, day after day and mile after mile. We are determined to innovate, challenging ourselves to lead thought at every turn. Inside these walls and on the roads, tracks and trails, we live and breathe Run Happy, celebrating the positive impact running has on our lives and others. We inject it into all we do because it makes everything better, smarter, more fun and more memorable. Our company culture defines us, bonds us together and creates the conditions for success. It is lived daily as a behavioral expression of our collective set of brand values: Connect with People, Innovate for our Customer, Compete as a Team, Build Trust, Have Fun & Bring Passion, and Be Active. If you’re on our team, it means you’re part of creating something extraordinary. You’re part of Brooks.
You are responsible for ensuring Brooks’ information assets are protected and available for operations. You design, implement and operate information security and business continuity programs worldwide. You and a team of Analysts and Engineers will:
⏵ Protect company, employee and customer information.
⏵ Prevent disruption of operations.
⏵ Assess and mitigate financial and reputational risk.
⏵ Ensure Brooks complies with applicable laws and regulations including Payment Card Industry (PCI) rules governing payment card data, HIPAA, GDPR, CCPA and SOC 2 requirements.
⏵ Directly manage a team of 1-3 Analysts and Engineers and provide direction to all Information Technology team members who implement and administer security and business continuity programs.
⏵ Lead, mentor and coach a team of Analysts and Engineers. Promote career development and manage the performance of the team using Brooks HR processes.
⏵ Manage team work assignments and timelines.
⏵ Hire and manage information technology personnel and/or contractors to design, develop, implement, and operate security controls.
Information Security Leadership:
⏵ Chair information security governance committee.
⏵ Define, implement and enforce information security policy and procedures.
⏵ Lead the design, implementation, and operation of security-related systems including anti-virus, mobile device management, two-factor authentication, identity management, security incident and event monitoring, threat protection and data loss prevention.
⏵ Collaborate with network and systems teams to implement security procedures and controls.
⏵ Oversee security awareness training for the company.
⏵ Participate in security audits and respond to findings.
⏵ Ensure Brooks remains compliant with Payment Card Industry (PCI) and SOC 2 requirements.
⏵ Act as the Data Protection Officer (DPO) as defined by the EU’s General Data Protection Regulation (GDPR).
⏵ Act as the HIPAA Security Officer as defined in the Health Insurance Portability and Accountability Act (HIPAA).
⏵ Report on the status of the information security program to executive leadership.
⏵ Define the incident response plan and ensure timely, compliant and proactive incident response.
⏵ Define and implement crisis management plans for all types of incidents including non-technology events such as natural disasters.
⏵ Assess business continuity needs, develop business continuity plans, oversee implementation and testing of these plans as part of an overall business continuity program.
⏵ Identify security risks, make recommendations, and implement effective solutions.
⏵ Maintain awareness of evolving security threats and ensure Brooks is prepared to mitigate risks of exposure.
⏵ Oversee the validation of security controls through testing.
⏵ Apply significant knowledge of industry trends and best practices to improve Brooks security posture.
⏵ Maintain relationships with technology providers.
⏵ Make recommendations for the purchase of technology resources; review and negotiate contracts, and ensure vendor performance.
⏵ Own the security program roadmap and keep it current, leveraging industry best practices and improvements in the cybersecurity discipline.
⏵ Build information security budget and contribute to the overall IT budget.
⏵ Operate to planned budget to ensure department and company goals are met.
⏵ Bachelor’s degree in Information Systems, Computer Science, Engineering
⏵ CISM and CRISC certification required.
⏵ CISSP and other relevant certification preferred.
⏵ Certified Business Continuity Manager preferred.
⏵ Five (5) years of experience managing a team of IT information security professionals, which includes two (2) years in each of the following:
⏵ a. Implementing ISO 27001 and NIST Cyber Security Frameworks, utilizing PCI DSS, COBIT and SOC 2 security requirements.
⏵ b. Conducting security audits and responding to findings.
⏵ c. Building information security budgets and contributing to overall IT budget.
⏵ 10+ years of experience in the information security field.
⏵ Project management and vendor management.
⏵ Working in a global environment with colleagues from different cultures.
⏵ Talent for analyzing and communicating alternatives, risks and benefits with the goal of reaching decisions or resolving problems.
⏵ Knowledge of Windows, Microsoft Office (Word, Excel), and email software.
⏵ Excellent verbal and written communication skills, demonstrating effective listening through concise, clear verbal and written communication, required.
⏵ Excellent interpersonal skills that inspire and build trust resulting in effective working relationships across the company, required.
⏵ Keen attention to detail in planning, organization and execution of tasks, while still seeing the big picture and understanding how all of the pieces fit together and affect one another, required.
⏵ Ability to anticipate how a decision made can affect our customers, our partners, our products or other departments’ operations and/or morale; “connecting the dots,” required.
⏵ Ability to rapidly adapt and respond to changes in environment and priorities.
⏵ Demonstration of innovation and initiative – always looking at improving our products and processes while also displaying a willingness to dive into the details