Sr. Manager, Product & Services Security

* United States of America - North Carolina - Morrisville

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via our StoryHub .

In partnership with security leaders across Lenovo the Sr Manager, Product & Services Security will oversee development of or enhancements to as well as compliance with Lenovo’s security policies and programs for customer product, service and solution offerings. This person must be a strategic thinker, thought leader, & strong collaborator. Strong management and cybersecurity technical expertise are key. The candidate must have a clear understanding of the current cyber security threat landscape facing the technology industry and experienced with the latest secure software development methodologies, AI technologies, security operations, services, solutions and product security, infrastructure security, and global cyber security standards & regulations. Must have passion for cybersecurity, technology, engineering, safety and the knowledge that it begins with people and process.

Responsibilities:

Working closely with Lenovo business unit security leaders, the Senior Manager, Product and Services Security is responsible for maintaining and continuing oversight of an enterprise-wide Product and Services Security Program by:

• Providing oversight and governance for the product (including software), services and solutions global security policies, training programs and standards that govern Lenovo’s product security practices such as Lenovo’s Secure Development Lifecycle, Software Security Review Board, AI Governance, PSIRT process or Trusted Supplier Program on behalf of the Chief Security Office
• Working with peer business unit stakeholders and security leaders to periodically update Lenovo’s Product and Services Security Policies and Standards in order to continuously improve the cybersecurity reputation of Lenovo and its relationship with its customers.
• Working collaboratively and cross-functionally with internal business stakeholders on the implementation, governance and compliance of the Lenovo Product and Services Security Program and developing recommended mitigation and remediation actions for communication with stakeholders
• Evangelizing and training emerging business teams on Lenovo secure development and vulnerability management policies and providing consultancy support where appropriate for development of business unit offering security programs aligned with Lenovo requirements
• Partnering with business stakeholders across the company to develop training programs to raise awareness of product and AI security risk and mitigation options.
• Monitoring and, where appropriate, engaging in industry initiatives designed to influence cybersecurity standards and regulations worldwide for the benefit of Lenovo and its stakeholders
• Working with security teams and legal and business stakeholders to lead initiatives designed to operationalize new cyber security legislation
• Partnering with business stakeholders across the company to develop an offering escalation process to raise awareness of higher risk offerings and potential mitigations for evolving risk profiles.
• Reporting on Product and Services Security programs, practices, projects and metrics to the CSO, Chief Security Office Executive Leadership Team and other leadership stakeholders, when required
• May include some domestic or international travel

Basic Qualifications:

• Bachelors Degree in Cyber Security or Technology related field.
• 12+ years cyber security experience in areas such as security architecture & design, security engineering, security operations, security auditing or security risk management experience.
• 5+ years of management and leadership experience, including coaching, consensus building, and ability to effectively manage resources to address competing priorities. Ability to manage cross functional teams to achieve desired business results.

Preferred Qualifications:

• Knowledge of security standards relating to AI as well as Cloud based Software as a Service (SaaS) architectures, security risks, and security controls a plus. This includes cloud security, web applications, mobile applications, and IoT devices.
• Professional cyber security certifications (CISSP, CCSP, CSSLP, GICSP, CEH, CCISO, CCSK, SANS GIAC Certifications like GSLC, GWAPT, GWEB, GCIH, etc).
• Cyber Security Standards Experience - OWASP, CIS Benchmarks, OpenSAMM, NIST 800 Series, NIST CSF, SOC II, ISO 27000 Series. Cyber Security Regulations Experience - including EU AI Act, GDPR & CCPA Experience
• Ability to translate a business agenda into technology terms and vice versa.
• Excellent interpersonal, written and verbal communications and collaboration skills; demonstrated ability to communicate highly technical concepts to non-technical audiences.
• Ability to comfortably work in a highly matrixed global environment.
• Knowledge and experience with technology trends and developments.
• Knowledge of Cybersecurity organization practices, operations risk management processes, principles, and engineering threats and vulnerabilities, including incident response methodologies.

Additional Locations: * United States of America - North Carolina - Morrisville

If you require an accommodation to complete this application, please contactability@lenovo.com