Lenovo

This position is for a Global Security Standards and Compliance in the Security Center of Excellence for the PC and Smart Device Business (PCSD). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national, and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will be asked to evaluate Lenovo business units and product lines to alignment to an array of possible security standards and selections that can include NIST, ISO, CSA CCM, PCI, HIPAA or others. This role will work hand in hand with business executives, product managers, architects, engineers, DevOps and developers to conduct assessments and to build and present reports and remediation plans and roadmaps. After you report findings and produce remediation reports you will work with the business teams to help them mitigate the issues you and your team members find. Other members of the security team will also work with you to assess the overall security and risk of the products you are testing. You’ll stay up to date with the industry’s latest global, national, and regional security standards and regulations.

Summary of responsibilities:

• Conduct security program and control reviews for PCSD Business Units, their products, and 3rd party vendors and partners against relevant security standards and regulations, including ISO 27001, CSA STAR and SOC2.
• Collaborate with development and security teams to identify and advise on remediation of security issues, ensuring they are mitigated or resolved.
• Stay informed about the latest security standards and regulations relevant to PCSD business units worldwide, ensuring you and relevant teams use the most effective methods for alignment.
• Mentor other members of the Security team and Business Unit teams, teaching them to interpret and apply all relevant standards and regulations.
• Confirm proper recording and actioning of KPIs and metrics.
• Scope, plan, and lead execution of security standards and regulations assessments for 3rd party vendors, Lenovo Partners, and Lenovo Business Units.

Position Requirements:

Basic Qualifications:

• Bachelor’s degree in a relevant field or equivalent experience
• Minimum 2 years of cybersecurity experience
• Minimum 2 years of experience with major global security standards & regulations
• Minimum 2 years of experience in cybersecurity auditing
• Strong written, verbal communication, and interpersonal skills
• Ability to work independently and as part of a team, taking initiative in a fast-paced environment
• Proficiency in creating clear assessment reports with detailed remediation plans and roadmaps, and guiding business units in executing these plans
• Ability to work under tight deadlines, adapting to changing business and technical conditions with minimal direction

Preferred Qualifications:

• Master’s degree in a relevant field
• Knowledge of Agile processes
• Experience in a development environment
• Experience auditing global organizations against SOC II, CSA CCM, ISO 27001, ISO 27017 & ISO 27018, PCI, GDPR, CCPA, etc.
• Experience as a GRC Security Auditor for a global security consulting firm
• Certifications such as: Certificate of Cloud Auditing Knowledge (CCAK), GIAC Systems and Network Auditor Certification (GSNA), GIAC Critical Controls Certification (GCCC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Security+, etc.