Lenovo

Key Responsibilities

• Implement and validate technical controls protecting Protected Data, including encryption, logging, monitoring, and system hardening.

• Maintain centralized monitoring of systems processing or storing Protected Data to detect unauthorized access or anomalous activity.

• Ensure all access to Protected Data is logged, traceable, and aligned with NSA requirements.

• Produce and maintain audit-ready technical evidence supporting compliance with the NSA and Data Security Plan.

• Support quarterly and annual reporting requirements, including preparation of access logs and monitoring outputs.

• Validate that systems storing Protected Data remain within Approved Data Storage Locations (NSA Article II.F).

• Support incident detection and response, ensuring Security Incidents are identified and escalated in accordance with NSA reporting timelines (48-hour requirement).

• Coordinate with Access Controls Governance to ensure monitoring aligns with approved access decisions.

• Support third-party audits and CMA-directed reviews by providing technical evidence and system access as required.

Required Skills and Competencies

• Strong experience with security monitoring, logging pipelines, and detection frameworks.

• Knowledge of NIST, ISO, or comparable control frameworks.

• Experience in regulated environments requiring audit evidence and traceability.

• Strong analytical and documentation skills.

Qualifications

• Bachelor’s degree in cybersecurity, computer science, or related field required.

• 8+ years of experience in security engineering, monitoring, or technical compliance roles.

• Experience supporting audits or regulatory reviews preferred.

Citizenship Requirement

U.S. citizenship required.

Availability and Travel

May require availability during security events or compliance deadlines. Limited travel.