Product Security Engagement Program Manager
Company: Lenovo
Location: Morrisville
Posted on: April 24, 2024
|
|
Job Description:
Product Security Engagement Program Manager
General Information
Req #
WD00063741
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Friday, April 19, 2024
Working time:
Full-time
Additional Locations:
United States of America - North Carolina - Morrisville
Why Work at Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our
customers.
Lenovo is a US$62 billion revenue global technology powerhouse,
ranked #217 in the Fortune Global 500, employing 77,000 people
around the world, and serving millions of customers every day in
180 markets. Focused on a bold vision to deliver smarter technology
for all, Lenovo has built on its success as the world's largest PC
company by further expanding into growth areas that fuel the
advancement of 'New IT' technologies (client, edge, cloud, network,
and intelligence) including server, storage, mobile, software,
solutions, and services.
This transformation together with Lenovo's world-changing
innovation is building a more inclusive, trustworthy, and smarter
future for everyone, everywhere. To find out more visit
www.lenovo.com , and read about the latest news via ourStoryHub
(https://news.lenovo.com/) .
Description and Requirements
Lenovo Infrastructure Solutions Group's (ISG) Product Security
Office (PSO) is seeking a Product Security Engagement Program
Manager to support Lenovo ISG's Secure Development Lifecycle
activities and directly contribute to maintaining a high-level of
security in the products we provide to our customers. This position
joins an established product security team which supports Lenovo
ISG's growing and evolving product security needs through securing
an expanding product and service portfolio.
This is a dynamic product security role, with the successful
candidate having a solid security knowledge base to draw from; a
proven record of success in developing internal stakeholder
engagement and education programs across all phases; experience
with analyzing external security standards to build internal
artifacts; supporting compliance programs to achieve industry
certifications; the ability to multi-task across several projects
concurrently, adapt, and grow deeper expertise as needed; and be
comfortable taking ownership of projects to ensure effective
delivery.
Primary responsibilities: The ideal candidate for this Product
Security Engagement Program Manager role should have a successful
record in developing internal stakeholder engagement and education
programs across all phases, leveraging internally developed
standards, policies, guidelines and other documentation to promote
engagement with internal technical users, such as developers.
Responsibilities also include advancing product security compliance
with security standards through user awareness, tracking metrics to
measure compliance with security standards, and building compliance
solutions or programs to meet certification requirements. Continue
to advance the ISG PSO program focused on cultivating security
knowledge and training for users, or Security Champions, embedded
in development teams. Additionally, the ideal candidate will be
able to multi-task, adapt, and service diverse security needs; own
and prioritize and accreditation efforts.
Representative responsibilities include:
Developing and maintaining a product security engagement and
education program
Creating and socializing security guidance, compliance, and
standards documentation Researching, designing, and educating
others on security best practices, standards, requirements,
procedures, training materials, etc.
Working with peers, security leadership, developers and
cross-functional teams to improve security engagement with
continually evolving business and market needs and expectations
Maintaining an open, thoughtful, respectful, and collaborative team
environment
Assessing products, services, and organizational units for
compliance with security requirements
Analyzing industry standards, guidance, legislation, etc. for
applicability, to identify gaps, and to recommend actions and
solutions
Leading assigned product, service, and/or organizational security
certification activities across all phases
Coordinating and tracking finding remediations in accordance with
relevant industry standards
Position Requirements
Basic Qualifications:
Bachelor's or above degree in Management Information Systems,
Information Security, Cybersecurity, Computer Science or other
related degree is preferred
Non-degree candidates with additional years of relevant work
experience
8+ years of industry experience in program or project management
with relevant degree
At least 3+ years of demonstrated experience in security
awareness/education, product security engagement, or product
security program management
Preferred Qualifications:
Experience successfully designing and managing internal user
engagement or education programs is preferred
Practical experience defining and gathering metrics to measure
product security compliance to internal and external standards
Knowledge of secure software development concepts
Practical experience analyzing and documenting gap analyses between
current-state and security standard compliant-state
Maintain current knowledge of security standards and monitor
advancements to ensure organizational adaptation and compliance
Familiarity with industry and government security standards and
compliance frameworks, including one or more of the following: ISO
27000-series, NIST SP 800-series, Common Criteria (CC), European
Union Cybersecurity Certification (EUCC), NIST Secure Software
Development Framework, Building Security In Maturity Model (BSIMM),
O-TTPS / ISO 20243, and similar
Preferred industry certifications: One or more of PMP, CAPM, CISSP,
CISM or similar
Integrating security into and socializing security initiative for
pre-existing processes and technical environments
Strong collaboration skills over application sharing platforms and
teleconferencing
Key Personal Traits:
Able to cultivate collaborative relationships; navigate sometimes
contentious situations; and successfully resolve conflicts - all
with respect, equity, and professionalism
Comfortable working toward what may be loosely defined objectives,
clarifying and solidifying those objectives along the way
Team player, self-starter and entrepreneurial spirit
Receptive to feedback and guidance from colleagues
A critical thinker and problem solver, who is naturally curious and
a consummate learner
A good communicator with strong verbal and written presence,
capable of clearly explaining and documenting security needs
Ability to think analytically, gain insight and extrapolate
information to reach decisions and offer guidance across different
contexts
Adept at multi-tasking and achieving results in what can be a
high-pressure environment while adapting to fluid business
demands
Self-motivated and desire to independently drive the maturity of
solutions
Persistent, keeping end goals in mind, being mindful of
opportunities as they present themselves, and appreciating that
"not today" doesn't mean "not ever"
Citizenship Requirement:
Must be a US citizen or US national; US permanent residents or
candidates requiring sponsorship cannot be considered
Travel:
5% (travel typically not needed, but possible on occasion)
We are an Equal Opportunity Employer and do not discriminate
against any employee or applicant for employment because of race,
color, sex, age, religion, sexual orientation, gender identity,
national origin, status as a veteran, and basis of disability or
any federal, state, or local protected class.
Additional Locations:
United States of America - North Carolina - Morrisville
United States of America
United States of America - North Carolina
United States of America - North Carolina - Morrisville
Keywords: Lenovo, Cary , Product Security Engagement Program Manager, Executive , Morrisville, North Carolina
Click
here to apply!
|