Lenovo

Lenovo Infrastructure Solutions Group’s (ISG) Product Security Office (PSO) is seeking a Product Security Engagement Program Manager to support Lenovo ISG’s Secure Development Lifecycle activities and directly contribute to maintaining a high-level of security in the products we provide to our customers. This position joins an established product security team which supports Lenovo ISG’s growing and evolving product security needs through securing an expanding product and service portfolio.

This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; a proven record of success in developing internal stakeholder engagement and education programs across all phases; experience with analyzing external security standards to build internal artifacts; supporting compliance programs to achieve industry certifications; the ability to multi-task across several projects concurrently, adapt, and grow deeper expertise as needed; and be comfortable taking ownership of projects to ensure effective delivery.

Primary responsibilities:  The ideal candidate for this Product Security Engagement Program Manager role should have a successful record in developing internal stakeholder engagement and education programs across all phases, leveraging internally developed standards, policies, guidelines and other documentation to promote engagement with internal technical users, such as developers. Responsibilities also include advancing product security compliance with security standards through user awareness, tracking metrics to measure compliance with security standards, and building compliance solutions or programs to meet certification requirements. Continue to advance the ISG PSO program focused on cultivating security knowledge and training for users, or Security Champions, embedded in development teams. Additionally, the ideal candidate will be able to multi-task, adapt, and service diverse security needs; own and prioritize and accreditation efforts.

Representative responsibilities include:

• Developing and maintaining a product security engagement and education program
• Creating and socializing security guidance, compliance, and standards documentation Researching, designing, and educating others on security best practices, standards, requirements, procedures, training materials, etc.
• Working with peers, security leadership, developers and cross-functional teams to improve security engagement with continually evolving business and market needs and expectations
• Maintaining an open, thoughtful, respectful, and collaborative team environment
• Assessing products, services, and organizational units for compliance with security requirements
• Analyzing industry standards, guidance, legislation, etc. for applicability, to identify gaps, and to recommend actions and solutions
• Leading assigned product, service, and/or organizational security certification activities across all phases
• Coordinating and tracking finding remediations in accordance with relevant industry standards

Position Requirements

Basic Qualifications:

• Bachelor’s or above degree in Management Information Systems, Information Security, Cybersecurity, Computer Science or other related degree is preferred
• Non-degree candidates with additional years of relevant work experience
• 8+ years of industry experience in program or project management with relevant degree
• At least 3+ years of demonstrated experience in security awareness/education, product security engagement, or product security program management

• Experience successfully designing and managing internal user engagement or education programs is preferred
• Practical experience defining and gathering metrics to measure product security compliance to internal and external standards
• Knowledge of secure software development concepts
• Practical experience analyzing and documenting gap analyses between current-state and security standard compliant-state
• Maintain current knowledge of security standards and monitor advancements to ensure organizational adaptation and compliance
• Familiarity with industry and government security standards and compliance frameworks, including one or more of the following: ISO 27000-series, NIST SP 800-series, Common Criteria (CC), European Union Cybersecurity Certification (EUCC), NIST Secure Software Development Framework, Building Security In Maturity Model (BSIMM), O-TTPS / ISO 20243, and similar
• Preferred industry certifications: One or more of PMP, CAPM, CISSP, CISM or similar
• Integrating security into and socializing security initiative for pre-existing processes and technical environments
• Strong collaboration skills over application sharing platforms and teleconferencing

Key Personal Traits:

• Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts – all with respect, equity, and professionalism
• Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
• Team player, self-starter and entrepreneurial spirit
• Receptive to feedback and guidance from colleagues
• A critical thinker and problem solver, who is naturally curious and a consummate learner
• A good communicator with strong verbal and written presence, capable of clearly explaining and documenting security needs
• Ability to think analytically, gain insight and extrapolate information to reach decisions and offer guidance across different contexts
• Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands
• Self-motivated and desire to independently drive the maturity of solutions
• Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that “not today” doesn’t mean “not ever”

Citizenship Requirement:

• Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered

Travel:

• 5% (travel typically not needed, but possible on occasion)