The Adobe Security Organization Based on a platform of transparent, accountable, and informed decision-making, the Adobe security organization brings together the full range of security services under a single governance model. At a senior level, the CSO closely collaborates with the Chief Information Officer (CIO) and Chief Privacy Officer (CPO) to help ensure alignment on security strategy and operations. In addition to the centers of excellence described above, Adobe embeds team members from legal, privacy, marketing, and PR in the security organization to help drive transparency and accountability in all security-related decisions. CIO CSO CPO Application Security Trust & Operational Enterprise Tech GRC/ Incident Marketing Legal & Physical Security Tooling Safety Security Security Compliance Response & PR Privacy Security Engineering Figure 4: The Adobe Security Organization As part of our company-wide culture of security, Adobe requires that every employee completes our security awareness and education training, which requires completion and re- certification on an annual basis, helping ensure that every employee contributes to protecting Adobe corporate assets as well as customer and employee data. On hire, our technical employees, including engineering and technical operations teams, are auto-enrolled in an in-depth ‘martial arts’-styled training program, which is tailored to their specific roles. For more information on our culture of security and our training programs, please see the Adobe Security Culture white paper. 10