CaryRecruiter Since 2001
the smart solution for Cary jobs

Product Security Engagement Program Manager

Company: Lenovo
Location: Morrisville
Posted on: May 11, 2024

Job Description:

Product Security Engagement Program Manager

General Information

Req #

WD00063741

Career area:

Hardware Engineering

Country/Region:

United States of America

State:

North Carolina

City:

Morrisville

Date:

Friday, April 19, 2024

Working time:

Full-time

Additional Locations:

United States of America - North Carolina - Morrisville

Why Work at Lenovo

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$62 billion revenue global technology powerhouse, ranked #217 in the Fortune Global 500, employing 77,000 people around the world, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver smarter technology for all, Lenovo has built on its success as the world's largest PC company by further expanding into growth areas that fuel the advancement of 'New IT' technologies (client, edge, cloud, network, and intelligence) including server, storage, mobile, software, solutions, and services.

This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via ourStoryHub (https://news.lenovo.com/) .

Description and Requirements

Lenovo Infrastructure Solutions Group's (ISG) Product Security Office (PSO) is seeking a Product Security Engagement Program Manager to support Lenovo ISG's Secure Development Lifecycle activities and directly contribute to maintaining a high-level of security in the products we provide to our customers. This position joins an established product security team which supports Lenovo ISG's growing and evolving product security needs through securing an expanding product and service portfolio.

This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; a proven record of success in developing internal stakeholder engagement and education programs across all phases; experience with analyzing external security standards to build internal artifacts; supporting compliance programs to achieve industry certifications; the ability to multi-task across several projects concurrently, adapt, and grow deeper expertise as needed; and be comfortable taking ownership of projects to ensure effective delivery.

Primary responsibilities: The ideal candidate for this Product Security Engagement Program Manager role should have a successful record in developing internal stakeholder engagement and education programs across all phases, leveraging internally developed standards, policies, guidelines and other documentation to promote engagement with internal technical users, such as developers. Responsibilities also include advancing product security compliance with security standards through user awareness, tracking metrics to measure compliance with security standards, and building compliance solutions or programs to meet certification requirements. Continue to advance the ISG PSO program focused on cultivating security knowledge and training for users, or Security Champions, embedded in development teams. Additionally, the ideal candidate will be able to multi-task, adapt, and service diverse security needs; own and prioritize and accreditation efforts.

Representative responsibilities include:

Developing and maintaining a product security engagement and education program

Creating and socializing security guidance, compliance, and standards documentation Researching, designing, and educating others on security best practices, standards, requirements, procedures, training materials, etc.

Working with peers, security leadership, developers and cross-functional teams to improve security engagement with continually evolving business and market needs and expectations

Maintaining an open, thoughtful, respectful, and collaborative team environment

Assessing products, services, and organizational units for compliance with security requirements

Analyzing industry standards, guidance, legislation, etc. for applicability, to identify gaps, and to recommend actions and solutions

Leading assigned product, service, and/or organizational security certification activities across all phases

Coordinating and tracking finding remediations in accordance with relevant industry standards

Position Requirements

Basic Qualifications:

Bachelor's or above degree in Management Information Systems, Information Security, Cybersecurity, Computer Science or other related degree is preferred

Non-degree candidates with additional years of relevant work experience

8+ years of industry experience in program or project management with relevant degree

At least 3+ years of demonstrated experience in security awareness/education, product security engagement, or product security program management

Preferred Qualifications:

Experience successfully designing and managing internal user engagement or education programs is preferred

Practical experience defining and gathering metrics to measure product security compliance to internal and external standards

Knowledge of secure software development concepts

Practical experience analyzing and documenting gap analyses between current-state and security standard compliant-state

Maintain current knowledge of security standards and monitor advancements to ensure organizational adaptation and compliance

Familiarity with industry and government security standards and compliance frameworks, including one or more of the following: ISO 27000-series, NIST SP 800-series, Common Criteria (CC), European Union Cybersecurity Certification (EUCC), NIST Secure Software Development Framework, Building Security In Maturity Model (BSIMM), O-TTPS / ISO 20243, and similar

Preferred industry certifications: One or more of PMP, CAPM, CISSP, CISM or similar

Integrating security into and socializing security initiative for pre-existing processes and technical environments

Strong collaboration skills over application sharing platforms and teleconferencing

Key Personal Traits:

Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts - all with respect, equity, and professionalism

Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way

Team player, self-starter and entrepreneurial spirit

Receptive to feedback and guidance from colleagues

A critical thinker and problem solver, who is naturally curious and a consummate learner

A good communicator with strong verbal and written presence, capable of clearly explaining and documenting security needs

Ability to think analytically, gain insight and extrapolate information to reach decisions and offer guidance across different contexts

Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands

Self-motivated and desire to independently drive the maturity of solutions

Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that "not today" doesn't mean "not ever"

Citizenship Requirement:

Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered

Travel:

5% (travel typically not needed, but possible on occasion)

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.

Additional Locations:

United States of America - North Carolina - Morrisville

United States of America

United States of America - North Carolina

United States of America - North Carolina - Morrisville

Keywords: Lenovo, Cary , Product Security Engagement Program Manager, Executive , Morrisville, North Carolina

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest North Carolina jobs by following @recnetNC on Twitter!

Cary RSS job feeds