IT Security Manager (ITSM)

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via our StoryHub .

IT Security Manager Key Responsibilities:

1. Cyber Vigilance:
- Monitor and analyze security event logs to identify potential security incidents.
- Respond to security incidents in a timely and effective manner, ensuring minimal disruption to business operations.

2. Risk Management:
- Conduct risk assessments and vulnerability management to identify potential security threats.
- Develop and implement mitigation strategies to minimize risk.

3. Compliance and Governance:
- Ensure compliance with IT security policies, regulations, and standard e.g IM8 , PDPA.
- Develop and maintain security policies, procedures, and guidelines.

4. Incident Response:
- Develop and maintain incident response plans and procedures.
- Coordinate incident response efforts with stakeholders, including IT teams and management.

5. Security Awareness and Training:
- Promote security awareness and training programs for employees.
- Develop and deliver security training sessions to enhance employee knowledge and skills.

6. You Will:

• First person and POC for all security incidents and escalations
• The ITSM shall inform the parties listed in the Technical SOP within the Expected Response Timeline of the Incident Management.
• The information to be provided shall include the incident reference number, description, date and time and the impact (including who had been affected) of the incident.
• To administer, maintain and assess the implementation of security processes.
• To develop System Owner support for acquiring and sustaining adequate resources for incident response.
• To be the corporate intermediary for coordinating communications between System Owner and incident response personnel.
• To serve as a trusted custodian of incident information for ensuring the preservation and admissibility of evidence.
• To ensure the compliance with the required IT security policies.
• To perform the logs review in all security system managed by our operational team
• To review system security logs and to work with the client manager and onsite technical team on follow up actions.
• To perform regular policy review and enhancement to ensure all are in line with agency requirements.
• To promote IT security awareness, latest risk and cyber responsibility.
• To participate in incident response table-top exercises, simulation and drills either conducted internally by the contractor or as required by client.

Resolution for Preventing Recurrence of Security Incidents
• For cases where workarounds are implemented, the ITSM shall identify the root causes and implement permanent resolutions according to the Problem Management process.
• To assist with management/containment/remediation/eradication of security incident
• To assist with Risk assessment and ensure minimising the risk exposure of IT asset and improve the cyber security posture.
• The ITSM shall be responsible to close all IT security incidents in accordance with the Incident Management process.
• For every IT security incident, the ITSM shall submit to the client an incident report in draft within one (1) day and a final version within three (3) days of incident resolution, unless otherwise agreed by the client.
• The incident record shall be closed only when the incident report is accepted by the client. The client reserved the right to verify the details in the incident report against the associated incident record maintained by the ITSM. The incident report shall be in the format defined by the client.

7. He/ She is required to participate in following audit activities performed by client’s 3rd party auditors or internal auditors:
(a) IT Security Review
(b) IT Vulnerability Assessment
(c) IT Security Penetration Testing
(d) IT Security Compliance Review


You bring:

1. Minimum 5 - 7 years of IT experience in cybersecurity management, with a focus on incident response, vulnerability management, with governance risk and compliance.
2. Hands-on experience with security technologies, either one of the following
- Application Security
- Open Web Application Security
- Penetration Testing
- Vulnerability management systems (e.g., Tenable, Nessus)
- Security information and event management (SIEM) systems
- Identity and access management (IAM/PAM/MFA) systems
3. Industry-recognized certifications, must have at least one of :
- CISSP
- CISM
- GIAC/CISA
- CEH, or any other professional security certification will have an added advantage
4. Strong analytical and problem-solving skills, with the ability to analyze complex security issues and develop effective solutions.
5. Excellent communication and interpersonal skills, with the ability to communicate technical information to non-technical stakeholders.

#LPS

Additional Locations: * Singapore - Central Singapore - Singapore * Singapore - Central Singapore - SINGAPORE

If you require an accommodation to complete this application, please contactability@lenovo.com