At On, the most exciting and fastest-growing global sports brand, we are looking for an Information Security Lead to join our Global Technology Service and Operations team. You will bring a strong technical security background, who will be focused on leading and implementing all aspects of Information Security, including security and data governance strategy, security architecture and tooling, and security awareness and incident management. In addition, this person will possess an in-depth knowledge of regulatory requirements as well as information security best practices, policies, procedures, and controls. You will partner closely with Legal, Talent (HR), Technology, Risk, and Finance to understand business and compliance requirements and provide expertise on all aspects of information security, including the deployment of security guidelines, policies, procedures, and standards to ensure compliance with relevant regulations and security frameworks.
In addition this position will also oversee Identity and Access Management (IAM) and technology Governance, Risk and Compliance (GRC) capabilities.
Security Architecture and Team
- Build and lead a team of security professionals. Assess the team makeup, skillsets, and gaps and provide recommendations for building and growing a highly effective team
- Design and build the security architecture and tools (via PoC, technology assessment, design review, solution implementation and a strong collaboration with Technology)
- Global Security Standards and Programs
- Globalize our compliance programs by expanding and improving guidelines, policies, processes, and programs working closely with our legal and technical engineering teams to ensure full alignment.
- Participate in the ongoing evolution of our cloud services to ensure security is integrated into every aspect of our technology landscape
Security Management and Monitoring
- Own and deploy a set of major security initiatives, including the build-out of security monitoring IR (SIEM), SOAR and SOC capabilities
- Review and deploy appropriate incident response plans and procedures to ensure a quick and effective response to security incidents
- Evaluate and adjust security tools, including third-party security services (bounty program, phishing simulations, etc)
Identity Access Management
- Practical experience in and in-depth knowledge of: IAM, PAM and SoD concepts, Multi-Factor Authentication, Domain Controller and Role Management, Google IdP, Azure AD
- Knowledge and experience implementing IAM software such as Okta, Sailpoint or Azure AD
- Minimum 7 years in a senior information security engineering role
- Experience and proficiency in many of the following domains:
- Security Monitoring / Penetration Testing and Audit / Vulnerability Management / IAM / Alerting and Security Incident Management / Endpoint or Device Monitoring and Management
- Professional security certifications such as CISSP, CISM, or CISA are preferred
- Experience in documenting, and evaluating risk and the ability to articulate that risk and its impact to stakeholders in terms the business can understand
- Background in building and implementing security guidelines, policies, procedures, and standards, understanding the need to focus on practical vs. overly complex
- Understanding of major global regulatory requirements, e.g., GDPR, SOX
Proven experience managing compliance audits and certifications, e.g., ISO 27001, SOC2
- Bachelor in Engineering, Information Technology or Security
Meet The Team
You will be part of a cross-organizational IT-Team. You have a lot of freedom to be creative and experiment and to expand your professional knowledge. We encourage you to continuously improve efficiency, finding new ways of working with the team members, while at the same time enjoying work with like-minded people. We live agile values, not just talk about it.
What We Offer
On is a place that is centered around growth and progress. We offer an environment designed to give people the tools to develop holistically - to stay active, to learn, explore and innovate. Our distinctive approach combines a supportive, team-oriented atmosphere, with access to personal self-care for both physical and mental well-being, so each person is led by purpose.
On is an Equal Opportunity Employer. We are committed to creating a work environment that is fair and inclusive, where all decisions related to recruitment, advancement, and retention are free of discrimination.