Lenovo

Job Responsibilities:

·       Working cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats.

·       Providing constructive advice and challenge on the management of cyber risks throughout the organisation.

·       Working closely with IT and other stakeholders to ensure a multi-layered approach to cyber security is adopted, ensuring the confidentiality, integrity and availability of IT services.

·       Creating, developing and maintaining security policies and practices.

·       Coordinating advanced technical engagements ranging from, but not limited to, risk assessments, penetration testing, application security, business continuity, third parties and compliance reviews.

·       Analysing technical vulnerabilities and providing impact assessments and managing the vulnerability management process.

·       Integrating into the software development security lifecycle (SDL) and DevSecOps, directing and advising design, service, operations teams on security requirements coding standards, and implementation, configuration good practice and hardening techniques.

·       Helping analyse and mitigate incidents raised to the information security team

·       Providing a Risk Management approach to ensure information security solutions and controls are commensurate to the business risks.

·       Providing support and mentoring to other members of the security management team.

Job Requirements:

·       CISSP/CISM/CISA/CEH or similar level qualification.

·       A high level of technical knowledge of architectural techniques, such as threat modelling to prevent, mitigate and manage security threat.

·       Have a deep understanding of cloud computing and possess knowledge and experience related to cloud computing security compliance and operations.

·       Strong experience with SDL and DevSecOps methodology & Continuous Improvement/Continuous Development, driving development teams to implement security left shift in the development process.

·       Operational Cyber security management experience gained in, or working as part of a Managed Service provider.

·       Knowledge of ISO27001, NIST, CIS and other similar standards/frameworks

·       Strong operational experience of managing cyber security and risk within fast-paced technology environments.

·       Familiar with penetration testing theory and commonly used tools, able to perform source code scanning, basic penetration testing and provide improvement suggestions.

·       Experience of SIEM solutions, incident management and reporting

·       Excellent communications skills and stakeholder management experience

·       Ability to think of long-term strategic solutions as well as quick resolutions to problems.

·       The ability to create, develop and maintain security policies and practices.

·       Excellent problem solving, critical thinking, analytical and decision-making skills.

·       Good English, written and spoken.