基本信息

职位编号:
WD00048719
工作领域:
Information Technology
国家/地区:
中国
省:
北京
市:
北京(Beijing)
日期:
Monday, January 16, 2023
工作性质:
Full-time
其他工作城市
* China - Beijing - 北京(Beijing)

为什么选择联想

联想是一家成立于中国、业务遍及180个市场的全球化科技公司。联想聚焦全球化发展,树立了行业领先的多元企业文化和运营模式典范,服务全球超过10亿用户。作为值得信赖的全球科技企业领导者,联想助力客户,把握明日科技,变革今日世界。

联想作为全球领先ICT科技企业,秉承“智能,为每一个可能”的理念,为用户与全行业提供整合了应用、服务和最佳体验的智能终端,以及强大的云基础设施与行业智能解决方案。

联想 - 没有天花板的舞台,赶快加入我们吧!

职位描述和要求:

Come be a part of the next generation of Managed Services and Solutions at Lenovo! This position is for a Sr. Manager, Cyber Security Governance, Risk and Compliance in the Solutions & Services Group (SSG).  This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will join a growing team of security professionals to lead security risk management initiatives and to design risk remediation and mitigation strategies and tactics. 

This role will work hand in hand with business executives, product managers, architects, engineers, dev-ops and developers to deliver against the Corporate Security Strategy. This position will define methodologies, metrics and KPIs; scoping and delivering security assessments ensuring continued alignment to standards over time. Ensuring that growth, improvements, gaps and risks are accurately communicated to business leaders, the role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management.

What you'll be doing

  • Defining and delivering a Risk Management approach to ensure information security solutions and controls are commensurate to the business risk appetite
  • Directing and conducting ongoing risk analysis organization-wide to uphold the GRC program
  • Developing metrics and KPIs to monitor progress and enable prioritisation of management action
  • Providing constructive advice and challenge on the management of cyber risks throughout the organisation
  • Working cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats
  • Creating, developing and maintaining security policies and practices
  • Directing and advising design, service, operations teams on security requirements and implementation
  • Establishing and maintaining a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, ISO27001, EU’s General Data Protection Regulation (GDPR), Service Organization Controls (SOC) 2 and other applicable industry standards.
  • Guiding team members to align with security, audit and risk management leadership for ongoing security program assessments, as well as strategic technology and budgetary directives
  • Liaising with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
  • Providing SME support to other business functions
  • Demonstrating leadership, providing support and mentoring to other members of the security management team.

What you'll need

  • Fluent English
  • CISSP/CISM/CRISC/CISA or similar level qualification
  • Strong operational experience of managing cyber security and risk within fast-paced technology environments
  • Knowledge of security compliance across differing technology solutions, contracts and industries
  • Organizational management skills with a track record of delivering GRC projects under tight deadlines
  • Experience of leading security audits and conducting consulting engagements
  • Knowledge and experience of implementing ISO27001, NIST, CIS and other similar standards/frameworks
  • The ability to create, develop and maintain security policies and practices
  • A good working level of technical knowledge of architectural techniques to prevent, mitigate and manage security threat
  • Experience of security tools and technology
  • Excellent communications skills and stakeholder management experience
  • Ability to think of long-term strategic solutions as well as immediate resolutions to problems
  • Excellent problem solving, critical thinking, analytical and decision making skills

其他工作城市
* China - Beijing - 北京(Beijing)
* China - Beijing - 北京(Beijing)
* China - Beijing
* China