General Information

Req #
WD00030181
Career area:
Information Technology
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Thursday, May 12, 2022
Working time:
Full-time
Additional Locations: 
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive. And we go big. No, not big—huge. 

We’re a US$60 billion revenue Fortune Global 500 company serving customers in 180 markets around the world. Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that power (through devices and infrastructure) and empower (through solutions, services and software) millions of customers every day and together create a more inclusive, trustworthy and sustainable digital society for everyone, everywhere. 

The one thing that’s missing? Well… you...

Description and Requirements

Lenovo is currently seeking Global Product and Services Security Leader to join our dynamic and focused team in Lenovo’s Chief Security Office (CSO). Lenovo, a Global Fortune 500 company, is an innovative technology company with an exciting, fluid and fast-paced environment that continues to evolve and grow and thus has a need to regularly review and enhance our security policies and programs to match that transformation. Consequently, the CSO is looking for an experienced security professional to help facilitate security related program initiatives for our products, services and other offerings across the Lenovo global organization. Lenovo’s Offering Security Program is designed to ensure Lenovo achieves our commitment to offer products, services and solutions that meet or exceed industry standards for security throughout the entire lifecycle of our products and offerings.

In partnership with security leaders in Lenovo’s various business units, this role will oversee development of or enhancements to as well as compliance with Lenovo’s security policies and programs for customer product, service and solution offerings.  This person must be a strategic thinker, thought leader, & strong collaborator. Strong management and cybersecurity technical expertise are key. The candidate must have a clear understanding of the current cyber security threat landscape facing the technology industry and experienced with the latest secure software development methodologies, cloud security requirements, security operations, services, solutions and product security, infrastructure security, and global cyber security standards & regulations. Must have passion for cybersecurity, technology, engineering, safety and the knowledge that it begins with people and process.

Responsibilities:

Working closely with Lenovo business unit security leaders, the Global Offerings Security Leader is responsible for maintaining and continuing oversight of an enterprise-wide Offering Security Program by:

  • Providing oversight and governance for the product (including software), services and solutions global security policies, training programs and standards that govern Lenovo’s offering security practices such as Lenovo’s Secure Development Lifecycle, Software Security Review Board, PSIRT process or Trusted Supplier Program on behalf of the Chief Security Office
  • Working with peer business unit stakeholders and security leaders to periodically update Lenovo’s Offering Security Policies and Standards in order to continuously improve the cybersecurity reputation of Lenovo and its relationship with its customers.
  • Working collaboratively and cross-functionally with internal business stakeholders on the implementation, governance and compliance of the Lenovo Offering Security Program and developing recommended mitigation and remediation actions for communication with stakeholders
  • Evangelizing and training emerging business teams on Lenovo Offering Security Policies and providing consultancy support where appropriate for development of business unit offering security programs aligned with Lenovo requirements
  • Partnering with business stakeholders across the company to develop training programs to raise awareness of offering security risk and mitigation options.
  • Monitoring and, where appropriate, engaging in industry initiatives designed to influence cybersecurity standards and regulations worldwide for the benefit of Lenovo and its stakeholders
  • Working with security teams and legal and business stakeholders to lead initiatives designed to operationalize new cyber security legislation
  • Partnering with business stakeholders across the company to develop an offering escalation process to raise awareness of higher risk offerings and potential mitigations for evolving risk profiles.
  • Reporting on Offering Security Programs, practices, projects and metrics to the CSO, Chief Security Office Executive Leadership Team and other leadership stakeholders, when required
  • May include some domestic or international travel

Required Qualifications:

  • Bachelors Degree in Cyber Security or Technology related field.
  • 10+ years cyber security experience in areas such as security architecture & design, security engineering, security operations, security auditing or security risk management experience.
  • 5+ years of management and leadership experience, including coaching, consensus building, and ability to effectively manage resources to address competing priorities. Ability to manage cross functional teams to achieve desired business results.
  • Ability to comfortably work in a highly matrixed global environment
  • Knowledge and experience with technology trends and developments
  • Knowledge of Cybersecurity organization practices, operations risk management processes, principles,  and engineering threats and vulnerabilities, including incident response methodologies.

Following Qualifications are a Plus:

  • Knowledge of security standards relating to AI as well as Cloud based Software as a Service (SaaS) architectures, security risks, and security controls a plus. This includes cloud security, web applications, mobile applications, and IoT devices.
  • Multiple Professional cyber security certifications from this list (CISSP, CCSP, CSSLP, GICSP, CEH, CCISO, CCSK, SANS GIAC Certifications like GSLC, GWAPT, GWEB, GCIH, etc).
  • Cyber Security Standards Experience - OWASP, CIS Benchmarks, OpenSAMM, NIST 800 Series, NIST CSF, SOC II, ISO 27000 Series, CSA and PCI Standards. Cyber Security Regulations Experience - including GDPR & CCPA Experience
  • Ability to translate a business agenda into technology terms and vice versa.
  • Excellent interpersonal, written and verbal communications and collaboration skills; demonstrated ability to communicate highly technical concepts to non-technical audiences.
*We are open to this role being remote for someone on East Coast or Central time zones*
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* Morrisville - North Carolina - United States of America