Sr. Manager, Cyber Security GRC

Come be a part of the next generation of Managed Services and Solutions at Lenovo! This position is for a Sr. Manager, Cyber Security Governance, Risk and Compliance in the Solutions & Services Group (SSG). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will join a growing team of security professionals to lead security risk management initiatives and to design risk remediation and mitigation strategies and tactics.

This role will work hand in hand with business executives, product managers, architects, engineers, dev-ops and developers to deliver against the Corporate Security Strategy. This position will define methodologies, metrics and KPIs; scoping and delivering security assessments ensuring continued alignment to standards over time. Ensuring that growth, improvements, gaps and risks are accurately communicated to business leaders, the role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management.

What you'll be doing

• Defining and delivering a Risk Management approach to ensure information security solutions and controls are commensurate to the business risk appetite
• Directing and conducting ongoing risk analysis organization-wide to uphold the GRC program
• Developing metrics and KPIs to monitor progress and enable prioritization of management action
• Providing constructive advice and challenge on the management of cyber risks throughout the organization
• Working cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats
• Creating, developing and maintaining security policies and practices
• Directing and advising design, service, operations teams on security requirements and implementation
• Establishing and maintaining a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, ISO27001, EU's General Data Protection Regulation (GDPR), Service Organization Controls (SOC) 2 and other applicable industry standards.
• Guiding team members to align with security, audit and risk management leadership for ongoing security program assessments, as well as strategic technology and budgetary directives
• Liaising with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
• Providing SME support to other business functions
• Demonstrating leadership, providing support and mentoring to other members of the security management team.

What you'll need

• CISSP/CISM/CRISC/CISA or similar level qualification
• Strong operational experience of managing cyber security and risk within fast-paced technology environments
• Knowledge of security compliance across differing technology solutions, contracts and industries
• Organizational management skills with a track record of delivering GRC projects under tight deadlines
• Experience of leading security audits and conducting consulting engagements
• Knowledge and experience of implementing ISO27001, NIST, CIS and other similar standards/frameworks
• The ability to create, develop and maintain security policies and practices
• A good working level of technical knowledge of architectural techniques to prevent, mitigate and manage security threat
• Experience of security tools and technology
• Excellent communications skills and stakeholder management experience
• Ability to think of long-term strategic solutions as well as immediate resolutions to problems
• Excellent problem solving, critical thinking, analytical and decision making skills