Lenovo

Sr. Manager, Cyber Security GRC

Lenovo, Morrisville, North Carolina, United States, 27560


* United States of America - North Carolina - Morrisville

Why Work at Lenovo

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world‑changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world‑changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

Description and Requirements

Come be a part of the next generation of Managed Services and Solutions at Lenovo! This position is for a Sr. Manager, Cyber Security Governance, Risk and Compliance in the Solutions & Services Group (SSG). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will join a growing team of security professionals to lead security risk management initiatives and to design risk remediation and mitigation strategies and tactics.

This role will work hand in hand with business executives, product managers, architects, engineers, dev‑ops and developers to deliver against the Corporate Security Strategy. This position will define methodologies, metrics and KPIs, and will scope and deliver security assessments that ensure continued alignment to standards over time. The role ensures that growth, improvements, gaps and risks are accurately communicated to business leaders, and includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third‑party risk management.

What you’ll be doing

Defining and delivering a Risk Management approach to ensure information security solutions and controls are commensurate to the business risk appetite

Directing and conducting ongoing risk analysis organization‑wide to uphold the GRC program

Developing metrics and KPIs to monitor progress and enable prioritization of management action

Providing constructive advice and challenge on the management of cyber risks throughout the organization

Working cross‑functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats

Creating, developing and maintaining security policies and practices

Directing and advising design, service and operations teams on security requirements and implementation

Establishing and maintaining a strategy for managing security‑related audits, compliance checks and external assessment processes for auditors, including but not limited to, ISO27001, EU’s General Data Protection Regulation (GDPR), Service Organization Controls (SOC) 2 and other applicable industry standards.

Guiding team members to align with security, audit and risk management leadership for ongoing security program assessments, as well as strategic technology and budgetary directives

Liaising with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.

Providing SME support to other business functions

Demonstrating leadership, providing support and mentoring to other members of the security management team.

What you’ll need

Strong operational experience of managing cyber security and risk within fast‑paced technology environments

Knowledge of security compliance across differing technology solutions, contracts and industries

Organizational management skills with a track record of delivering GRC projects under tight deadlines

Experience of leading security audits and conducting consulting engagements

Knowledge and experience of implementing ISO27001, NIST, CIS and other similar standards/frameworks

The ability to create, develop and maintain security policies and practices

A good working level of technical knowledge of architectural techniques to prevent, mitigate and manage security threats

Experience of security tools and technology

Excellent communications skills and stakeholder management experience

Ability to think of long‑term strategic solutions as well as immediate resolutions to problems

Excellent problem solving, critical thinking, analytical and decision making skills

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.

Additional Locations: United States of America - North Carolina - Morrisville

If you require an accommodation to complete this application, please contactability@lenovo.com
