Why Work at Lenovo
Description and Requirements
Security Compliance and Assurance Auditor
This position is for a Cyber Security Auditor in the Solutions & Services Group (SSG). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will join a growing team of security professionals to help assess risk and to implement risk remediation and mitigation strategies and tactics.
This role will work hand in hand with business executives, product managers, architects, engineers, DevOps and developers to conduct assessments and to build and present reports, remediation plans and roadmaps. After you report findings and produce remediation reports, you will work with the business teams to help them mitigate the issues.
This position will keep metrics and KPIs to track assessment work and alignment to standards over time, ensuring that growth, improvements, and gaps are accurately communicated to management. You’ll work with development and operations teams to coordinate tests and ensure that solutions are tested within an appropriate time frame.
What you'll be doing
- Assessing and advising design, service and operations teams on security requirements and implementation.
- Provide constructive advice and challenge on the management of cyber risks throughout the organisation
- Work closely with IT and other stakeholders to ensure a multi-layered approach to cyber security is adopted, ensuring the confidentiality, integrity and availability of IT services
- Working cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats
- Providing SME support to other business functions
- Providing a Risk Management approach to ensure information security solutions and controls are commensurate to the business risks
- Create, develop and maintain security policies and practices
What you'll need
- CISSP/CISM/CISA/CEH or similar-level qualification
- Security management experience gained in, or working as part of, a Managed Service provider
- Knowledge and experience of ISO27001, NIST, CIS and other similar standards/frameworks
- Strong operational experience of managing cyber security and risk within fast-paced technology environments
- Experience of security tools and technology
- Good working knowledge of architectural techniques to prevent, mitigate and manage security threats
- Experience of consulting engagements on cyber management
- Excellent communications skills and stakeholder management experience
- Strong knowledge of security compliance or operations with a broad technical security background
- Ability to think of long-term strategic solutions as well as immediate resolutions to problems
- Excellent problem-solving, critical-thinking, analytical and decision-making skills