Head of Security and Architecture

Specialized Bicycle Components - Morgan Hill, CA

Full-time
Estimated: $120,000 - $160,000 a year

Reporting to the CIO, the Head of Security and Architecture will define information security and data privacy strategy and policy for Specialized’s global business. This will include all use of information technology as well as Specialized’s emerging eCommerce business and connected products. This role will be instrumental in ensuring that the interests of Specialized, Specialized Riders, and the dealer network are secured and prepared for the evolving security and privacy landscape.


Establish the strategic direction for a comprehensive information security and data protection program. Oversee the governance, management, and advancement of this program.
Ensure operational compliance with all relevant standards (e.g. ISO, SOX, GDPR, PII, PCI, etc.) while serving as an effective liaison for engagement with customers, clients, partners and stakeholders on evolving security-related matters.
Recommend, develop, define and maintain global privacy and information security management policies, standards, procedures and guidelines as necessary to ensure the organization is positioned to meet legal, regulatory and contractual obligations.
Develop and maintain strong measurements and metrics that provide business leadership and stakeholders with visibility into the current state and ongoing improvement of global data privacy key performance indicators.
Work in a matrix technology organization across groups with both functional and geographic responsibilities. This will also include Specialized product groups focused on connected products and the development of our markets through the use of data and analytics.

Ability to lead and motivate across the organization to achieve tactical and strategic goals.
Entrepreneurial spirit, with continuous innovation to achieve great results.
Must be a critical thinker, with strong problem-solving skills.
Strong project management, scheduling and resource management skills.
Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
Proven ability to multi-task, thrive and deliver in a highly demanding and evolving corporate environment. Demonstrated ability to regularly re-prioritize risks and plans based on an evolving corporate and regulatory landscape. Savvy enough to push back when risks outweigh opportunities.

BA or BS in information security, business administration, or related area with 8-10 years of experience in a relevant role.
Master’s degree in an IT field is a plus
Master’s in cybersecurity is an even bigger plus
Certification as a Certified Information Systems Security Professional (CISSP)