IT Security Manager (ITSM)

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

1. Cyber Vigilance

• Monitor and analyze security event logs to identify potential security incidents.
• Respond to security incidents in a timely and effective manner, ensuring minimal disruption to business operations.

2. Risk Management

• Conduct risk assessments and vulnerability management to identify potential security threats.
• Develop and implement mitigation strategies to minimize risk.

3. Compliance and Governance

• Ensure compliance with IT security policies, regulations, and standard e.g IM8 , PDPA.
• Develop and maintain security policies, procedures, and guidelines.

4. Incident Response

• Develop and maintain incident response plans and procedures.
• Coordinate incident response efforts with stakeholders, including IT teams and management.

5. Security Awareness and Training

• Promote security awareness and training programs for employees.
• Develop and deliver security training sessions to enhance employee knowledge and skills.

Minimum 5 -7 years of IT experience in cybersecurity management, with a focus on incident response, vulnerability management, with governance risk and compliance.

2. Hands-on experience with security technologies, either one of the following

• Application Security
• Open Web Application Security
• Penetration Testing
• Vulnerability management systems (e.g., Tenable, Nessus)
• Security information and event management (SIEM) systems
• Identity and access management (IAM/PAM/MFA) systems

3. Industry-recognized certifications, must have at least one of

• CISSP
• CISM
• GIAC/CISA
• CEH, or any other professional security certification will have an added advantage

4. Strong analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.

5. Excellent communication and interpersonal skills, with the ability to communicate technical information to non-technical stakeholders.

• 1. Experience with cloud security, including AWS or Azure or GCP
• 2. Knowledge of federal information security regulations, such as FISMA or FIPS.
• 3. Experience and knowledgeable in security frameworks, such as ISO 27001, Zero Trust framework , NIST Cybersecurity Framework , CIS hardening etc.

#LPS