Job Description

Description and Requirements Lenovo (HKSE: 992) (ADR: LNVGY) is a US$60 billion revenue Fortune Global 500 company serving customers in 180 markets around the world. Focused on a bold vision to deliver smarter technology for all, we are developing world-changing technologies that power (through devices and infrastructure) and empower (through solutions, services and software) millions of customers every day and together create a more inclusive, trustworthy and sustainable digital society for everyone, everywhere. To find out more visit https://www.lenovo.com,and read about the latest news via our StoryHub. Security Governance, Risk & Compliance Leader Description and Requirements Come be a part of the next generation of Managed Services and Solutions at Lenovo! This position is for a Security Governance and Risk Leader in the Solutions & Services Group (SSG). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry.You will join a growing team of security professionals to lead security risk management initiatives and to design risk remediation and mitigation strategies and tactics. This role will work hand in hand with business executives, product managers, architects, engineers, dev-ops and developers to deliver against the Corporate Security Strategy. This position will define methodologies, metrics and KPIs scoping and delivering security assessments ensuring continued alignment to standards over time. Ensuring that growth, improvements, gaps and risks are accurately communicated to business leaders, the role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management. What you\'ll be doing Defining and delivering a Risk Management approach to ensure information security solutions and controls are commensurate to the business risk appetite Directing and conducting ongoing risk analysis organization-wide to uphold the GRC program Developing metrics and KPIs to monitor progress and enable prioritization of management action Providing constructive advice and challenge on the management of cyber risks throughout the organization Working cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats Creating, developing and maintaining security policies and practices Directing and advising design, service, operations teams on security requirements and implementation Establishing and maintaining a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, ISO27001, EU\'s General Data Protection Regulation (GDPR), Service Organization Controls (SOC) 2 and other applicable industry standards. Guiding team members to align with security, audit and risk management leadership for ongoing security program assessments, as well as strategic technology and budgetary directives Liaising with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws. Providing SME support to other business functions Demonstrating leadership, providing support and mentoring to other members of the security management team. What you\'ll need CISSP/CISM/CRISC/CISA or similar level qualification Strong operational experience of managing cyber security and risk within fast-paced technology environments Knowledge of security compliance across differing technology solutions, contracts and industries Organizational management skills with a track record of delivering GRC projects under tight deadlines Experience of leading security audits and conducting consulting engagements Knowledge and experience of implementing ISO27001, NIST, CIS and other similar standards/frameworks The ability to create, develop and maintain security policies and practices A good working level of technical knowledge of architectural techniques to prevent, mitigate and manage security threat Experience of security tools and technology Excellent communications skills and stakeholder management experience Ability to think of long-term strategic solutions as well as immediate resolutions to problems Excellent problem solving, critical thinking, analytical and decision making skills

Monster