General Information

Career area: Cloud Computing
United States of America
North Carolina
Monday, October 4, 2021

Why Work at Lenovo

Here at Lenovo, we believe in smarter technology for all, so we spend our time building a society that’s brighter and more inclusive. And we go big. No, not big—huge. 

We’re a US$60 billion revenue Fortune Global 500 company serving customers in 180 markets around the world. Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that power (through devices and infrastructure) and empower (through solutions, services and software) millions of customers every day and together create a more inclusive, trustworthy and sustainable digital society for everyone, everywhere. 

The one thing that’s missing? Well… you...

Description and Requirements

What You’ll Do:

This position is for a Global Security Standards and Compliance Lead Architect in the Security Center of Excellence for the PC and Smart Device Business (PCSD). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will join a team of Sr. security architects to help assess risk and to design risk remediation and mitigation strategies and tactics. You will be asked to evaluate Lenovo business units and product lines for alignment to many different NIST and ISO Standards, CSA CCM, GDPR, CCPA, PCI, HIPAA and others. This role will work hand in hand with business executives, product managers, architects, engineers, devops and developers to conduct assessments and to build and present reports and remediation plans and roadmaps. After you report findings and produce remediation reports, you will work with the business teams to help them mitigate the issues you and your team members find. Other members of the security team will also work with you to assess the overall security and risk of the products you are testing. You’ll stay up to date with the industry’s latest global, national and regional security standards and regulations.

As a lead member of the team, you’ll be mentoring and coaching other team members on your immediate team on how to align with the security standards and regulations relevant for our products. This position will be keeping metrics and KPIs to track assessment work and alignment to standards over time, ensuring that growth, improvements, and gaps are accurately communicated to management. You’ll work with development teams to coordinate tests and ensure that products are tested within an appropriate time frame. As a team leader you will be assisting in communicating the priority and risk of both your and other team members’ security findings to Business Unit Teams. You will have excellent organizational and communication skills, ensuring that development teams, other security team members and management are well informed of the penetration testing team’s activities. You will ensure the team is using documented, standard and appropriate testing methodologies.

In Summary you will:

  • Perform security program and security control reviews of PCSD Business Units, their products, and of 3rd party Vendors and Partners and their products against relevant security standards and regulations
  • Work with development and security teams to find and advise on remediation of security issues, and to help ensure they are mitigated or remediated.
  • Stay up to date on the latest security standards and regulations relevant to PCSD business units around the world and ensure both yourself and all relevant teams are using the most effective methods to align with those standards and regulations.
  • Coach and mentor other members of the Security team and Business Unit teams on how to interpret and apply all relevant standards and regulations to ensure alignment with them.
  • Ensure proper KPIs and metrics are being recorded and actioned as appropriate
  • Scope, plan and lead execution of security standards and security regulations assessments for 3rd party vendors, Lenovo Partners and Lenovo Business Units.

Position Requirements

Basic Qualifications:

  • Bachelor’s degree in a relevant field or equivalent relevant experience
  • 5+ years of cybersecurity experience
  • 5+ years of experience with the major global security standards & regulations.
  • 5+ years of experience in cyber security auditing
  • 2+ years of acting in a team lead capacity
  • 2+ years of mentoring and coaching others in technical roles.
  • Strong written and verbal communications and interpersonal skills
  • Ability to work independently as well as function as an integral part of a team, take initiative and ownership in a fast-paced environment
  • Ability to successfully work across regions and functions to solve problems and get things done
  • Ability to work independently under tight deadlines, responding to changing business and technical conditions with minimal direction.
  • In-depth experience with auditing global organizations against SOC II, CSA CCM, ISO 27001, ISO 27017 & ISO 27018, PCI, GDPR, CCPA and others.
  • Must be able to build clear assessment reports with detailed remediation plans and roadmaps and then work with business units to help them execute the remediation plans and roadmaps to complete alignment with these standards and regulations as quickly as possible.
  • Experience working as a GRC Security Auditor for a global security consulting firm

Preferred Qualifications:

  • Master’s Degree in a relevant field
  • Work with product team to create and execute detailed remediation roadmaps after assessments are completed
  • Review industry standards and regulations, new partner technologies, marketing and customer requirements and create actionable plans to aid product team for feature planning.
  • Knowledge of Agile processes
  • Experience working in a development environment.
  • Pen Testing Certifications such as SANS certifications, including GIAC Cloud Penetration Tester (GCPN), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Incident Handler (GCIH), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT), GIAC Reverse Engineering Malware (GREM), and GIAC Exploit Researcher and Advanced Penetration Tester (GXPN); EC-Council certifications such as Certified Ethical Hacker (ANSI or Practical); and Offensive Security certifications such as Offensive Security Certified Professional (OSCP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Web Expert (OSWE), Offensive Security Exploit Developer (OSED), and Offensive Security Exploitation Expert (OSEE).
  • Industry security certifications such as CISSP, Security+, etc.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.