Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).
This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.
Description and Requirements
Job Responsibilities:
· Working cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats.
· Providing constructive advice and challenge on the management of cyber risks throughout the organisation.
· Working closely with IT and other stakeholders to ensure a multi-layered approach to cyber security is adopted, ensuring the confidentiality, integrity and availability of IT services.
· Creating, developing and maintaining security policies and practices.
· Coordinating advanced technical engagements ranging from, but not limited to, risk assessments, penetration testing, application security, business continuity, third parties and compliance reviews.
· Analysing technical vulnerabilities and providing impact assessments and managing the vulnerability management process.
· Integrating into the software development security lifecycle (SDL) and DevSecOps, directing and advising design, service and operations teams on security requirements, coding standards, implementation, configuration good practice and hardening techniques.
· Helping analyse and mitigate incidents raised to the information security team.
· Providing a Risk Management approach to ensure information security solutions and controls are commensurate with the business risks.
· Providing support and mentoring to other members of the security management team.
Job Requirements:
· CISSP/CISM/CISA/CEH or similar level qualification.
· A high level of technical knowledge of architectural techniques, such as threat modelling, to prevent, mitigate and manage security threats.
· Have a deep understanding of cloud computing and possess knowledge and experience related to cloud computing security compliance and operations.
· Strong experience with SDL and DevSecOps methodology & Continuous Improvement/Continuous Development, driving development teams to shift security left in the development process.
· Operational cyber security management experience gained in, or working as part of, a Managed Service provider.
· Knowledge of ISO27001, NIST, CIS and other similar standards/frameworks.
· Strong operational experience of managing cyber security and risk within fast-paced technology environments.
· Familiar with penetration testing theory and commonly used tools, able to perform source code scanning, basic penetration testing and provide improvement suggestions.
· Experience of SIEM solutions, incident management and reporting.
· Excellent communications skills and stakeholder management experience.
· Ability to think of long-term strategic solutions as well as quick resolutions to problems.
· The ability to create, develop and maintain security policies and practices.
· Excellent problem solving, critical thinking, analytical and decision-making skills.
· Good English, written and spoken.
Additional Locations: China - Beijing - 北京(Beijing)