General Information

Req #
WD00043860
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Wednesday, November 16, 2022
Working time:
Full-time
Additional Locations: 
* New York - New York - United States of America
* Philadelphia - Pennsylvania - United States of America
* Bedminster - New Jersey - United States of America
* Morrisville - North Carolina - United States of America

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology that builds a brighter, more sustainable and inclusive future for our customers, colleagues, communities, and the planet.

And we go big. No, not big—huge.

We’re not just a US$70 billion revenue Fortune Global 500 company, we’re one of Fortune’s Most Admired. We’re transforming the world through intelligent transformation, offering the world’s most complete portfolio of smart devices, infrastructure, and solutions. With more than 71,500 employees doing business in 180 markets, we help millions—not just the select few—experience our version of a smarter future.

The one thing that’s missing? Well… you...

Description and Requirements

Lenovo Infrastructure Solutions Group’s (ISG) Product Security Office (PSO) is seeking a Security Certification Program Manager to support Lenovo ISG’s Secure Development Lifecycle activities and directly contribute to maintaining a high-level of security in the products we provide to our customers. This is a new position, joining a growing product security team in securing an expanding product and services portfolio and supporting the business’ evolving security needs.

This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; a proven record of success in earning product, service, and/or organizational security certifications across all phases; the ability to multi-task across several projects concurrently, adapt, and develop deeper expertise as needed; and be comfortable taking ownership of projects to ensure effective delivery.

Primary responsibilities:  The ideal candidate for this security certification product manager role should have a successful record in driving product, service, and/or organizational security certifications, such as ISO 27001, across all phases including inception, scoping, gap analyses, consulting with internal teams, presenting findings, remediation, certification, external audit engagements, maintaining risk register/POA&Ms, and re-certification. Additionally, the ideal candidate will be able to multi-task, adapt, and service diverse security needs; own and prioritize initiatives; directly contribute to delivery; and help shape organizational direction of future certification and accreditation efforts.

Representative responsibilities include:

  • Leading product, service, and/or organizational security certification activities across all phases
  • Analyzing industry standards, guidance, legislation, etc. for applicability, to identify gaps, and to recommend actions and solutions
  • Working with peers, security leadership, and cross-functional teams to align security execution with continually evolving business and market needs and expectations
  • Maintaining an open, thoughtful, respectful, and collaborative team environment
  • Researching, designing, developing, and educating others on security best practices, standards, requirements, tactics, procedures, training materials, etc.
  • Assessing products, services, and organizational units for compliance with security requirements
  • Coordinating and tracking finding remediation's in accordance with relevant industry standards
  • Interfacing with cross-functional teams and technical resources to gather supporting evidence and prepare for third-party assessment engagements
  • Creating security guidance, compliance, and standards documentation

Position Requirements

Basic Qualifications:

  • Five-plus (5+) years of experience in security certification, security accreditation, compliance, or managing an ISO 27001 program
  • Experience successfully designing and managing an ISO 27001, NIST RMF, FedRAMP, SOC II, or similar certification program is preferred
  • Practical experience analyzing and documenting gap analyses between current-state environments and security standard compliant-state
  • Maintain current knowledge of security standards and monitor advancements to ensure organizational adaptation and compliance
  • Knowledge of secure software development fundamentals
  • Practical experience managing and working with 3rd-party pre-assessment and certification firms
  • Deep understand of industry and government security standards and compliance, including one or more of the following: ISO 27000-series, NIST Risk Management Framework (RMF), FISMA, FedRAMP, NIST SP 800-series, NIST Cybersecurity Framework, NIST Secure Software Development Framework, AICPA TSC, Building Security In Maturity Model (BSIMM), PCI-DSS, O-TTPS / ISO 20243, and similar
  • Originating security processes, standards, and requirements
  • Integrating security into pre-existing processes and technical environments
  • Experience leading and coordinating cross-functional teams to achieve long term objectives such as third-party assessment engagements
  • Strong collaboration skills over application sharing platforms and teleconferencing

Key Personal Traits:

  • Self-motivated and results driven
  • Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts – all with respect, equity, and professionalism
  • Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
  • A critical thinker and problem solver, who is naturally curious and a consummate learner
  • A good communicator with strong verbal and written presence, capable of clearly explaining and documenting security needs
  • Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands
  • Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that “not today” doesn’t mean “not ever”
  • Comfortable managing upwards

Education and Certification Requirements:

  • Bachelor’s degree in computer science, Information Security, Cybersecurity, Management Information Systems, or related degree; Master’s degree is preferred
  • Security certifications: One or more of CISSP, CSSLP, CISM, CISA, or similar

Travel:

5% (travel typically not needed, but possible on occasion post-COVID)

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.

Lenovo adopted a COVID-19 Vaccination Policy for US-based employees. As a condition of employment, employees must adhere to Lenovo’s US Vaccination Policy and be fully vaccinated against COVID-19, subject to any applicable accommodations. To be fully vaccinated means individuals must receive the full series of a vaccine either approved by the FDA or WHO and listed by the CDC (e.g. two dose of the Moderna, AstraZeneca or Pfizer-BioNTech vaccines; or one dose of the Johnson & Johnson vaccine). This applies to all US-based employees, contractors and interns, regardless of work location. As a condition of employment, you must provide proof that you are fully vaccinated or follow Lenovo’s accommodation process.

* New York - New York - United States of America, * Philadelphia - Pennsylvania - United States of America, * Bedminster - New Jersey - United States of America, * Morrisville - North Carolina - United States of America