Under Armour is seeking a Director of Information Assurance. The Director of Information Assurance will report directly to the Senior Director of Information Technology and be responsible for developing, implementing, and maintaining the success of the Company’s Information Risk Management program and processes, including information security and quality assurance.
What does this opportunity give me?
- Ownership. Own your job and be accountable for your work
- Exposure. The ability to partner with business units across the organization
- Growth. Potential for career growth is a company initiative
- Pride. Work for a brand that delivers a consistent message every day
What will I do at UA?
Help develop, approve and oversee the implementation and maintenance of an enterprise-wide information security strategy and program to protect both the Company’s information, as well as information that has been entrusted to the organization by our business partners. The Information Security Program may include processes and controls in the areas of:
- Security policy
- Security training and awareness
- Regulatory compliance (SOX, PCI/DSS, etc.)
- Vendor management
- Disaster recovery and business resilience
- Infrastructure, platform, database, application/ERP, and overall data security
- Security logging and monitoring
- Vulnerability management
- Access governance and user management
- Incident response and forensics
- Systems development life cycle
- Merger and acquisition due diligence
- Data privacy
- Litigation assessments
Approve and oversee the implementation of Quality Assurance (QA) processes within IT, which may include the following processes:
- Evaluation and involvement in software selection
- Review of requested changes to the IT environment and evaluation of risk, priority
- Maintenance of an effective test and quality environment for changes and deployments
- Oversee all facets of change management and ITSM
- Facilitate testing for changes and significant technology and application deployments to minimize disruption to the production environment
- Project management and system development lifecycle processes as a part of significant technology projects including new deployments, upgrades, or conversions
- Facilitate readiness reviews over large information technology development projects to ensure that appropriate systems development lifecycle methodologies are consistently applied
GOVERNANCE, RISK AND COMPLIANCE:
- Understand and consult based on information security standards and industry best practices with other teams in IT and within the business and operations
- Serve as the primary liaison with the business, internal audit and risk management team on all matters related to IT risk, governance, and control
- Ensure that IT and business associates receive the appropriate training and are knowledgeable on IT controls, standards and related procedures
- Partner with internal audit to assess compliance with IT controls, standards, and related procedures on an ongoing basis
- Serve as the primary liaison for IT with internal and external audit teams; track management action plans resulting from audits to ensure timely implementation of controls
What does UA need from me?
Education and/or Experience
- 10-12 years of experience in information security, information technology risk management, audit and/or compliance, with significant experience in information technology control standards and processes, consumer markets experience preferred
- Demonstrated technical abilities in multiple areas (e.g., SAP, BW, WM, Infrastructure, International operations, retail)
- Significant knowledge of information technology processes and controls, and an understanding of risk and quality control and assurance functions
- Significant analytical and critical thinking skills
- Excellent verbal and written communication skills to prepare and present recommendations to senior management
- Ability to influence business and information technology leaders in effective review and management of controls to mitigate risk.
- Understanding of and experience using Information Technology and Information Security risk, governance, and control frameworks such as COBIT, ISO/IEC27000 series, PCI/DSS and ITIL.
- Understanding of compliance requirements and regulations for global public companies in the consumer markets industry.
- Demonstrated ability to be technical and tactical but think, act, and communicate in a strategic manner.
- Demonstrated ability to develop and lead a team of 8-10 individuals with effective performance management to ensure the success of the team in meeting goals and objectives.
- BA/BS, preferably in Technology, or related field of study required
- Professional risk/audit/compliance/technology-related certifications preferred (e.g. CPA, CIA, CISA, CISSP, etc.).
- At least 10 to 12 years in information security, risk, compliance and privacy related discipline, demonstrating proficiency with:
  - IT Governance frameworks such as COBIT, ITIL and ISO 27000
  - Implementation & management of standards-based governance
  - Business continuity and disaster recovery design, planning and validation
  - Building and managing relationships across organizational, regional and global boundaries
  - Collaborating in a team environment
  - End-user support
What else do I get?
- Opportunity to learn, grow, and innovate alongside an experienced team of eCommerce developers
- Comprehensive benefits program
- Amazing company culture and team environment
- Guard rails to work between, not a box
- Ownership in the brand with our Employee Stock Purchase Program
Under Armour - 23 months ago
Under Armour (NYSE: UA) is a leading developer, marketer and distributor of branded performance products for men, women and youth. As of...