Job Information
Lenovo Product Security Engagement Program Manager in Morrisville, North Carolina
Product Security Engagement Program Manager
General Information
Req #
WD00063741
Career area:
Hardware Engineering
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Friday, April 19, 2024
Working time:
Full-time
Additional Locations :
- United States of America - North Carolina - Morrisville
Why Work at Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our customers.
Lenovo is a US$62 billion revenue global technology powerhouse, ranked #217 in the Fortune Global 500, employing 77,000 people around the world, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver smarter technology for all, Lenovo has built on its success as the world’s largest PC company by further expanding into growth areas that fuel the advancement of ‘New IT’ technologies (client, edge, cloud, network, and intelligence) including server, storage, mobile, software, solutions, and services.
This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via ourStoryHub (https://news.lenovo.com/) .
Description and Requirements
Lenovo Infrastructure Solutions Group’s (ISG) Product Security Office (PSO) is seeking a Product Security Engagement Program Manager to support Lenovo ISG’s Secure Development Lifecycle activities and directly contribute to maintaining a high-level of security in the products we provide to our customers. This position joins an established product security team which supports Lenovo ISG’s growing and evolving product security needs through securing an expanding product and service portfolio.
This is a dynamic product security role, with the successful candidate having a solid security knowledge base to draw from; a proven record of success in developing internal stakeholder engagement and education programs across all phases; experience with analyzing external security standards to build internal artifacts; supporting compliance programs to achieve industry certifications; the ability to multi-task across several projects concurrently, adapt, and grow deeper expertise as needed; and be comfortable taking ownership of projects to ensure effective delivery.
Primary responsibilities: The ideal candidate for this Product Security Engagement Program Manager role should have a successful record in developing internal stakeholder engagement and education programs across all phases, leveraging internally developed standards, policies, guidelines and other documentation to promote engagement with internal technical users, such as developers. Responsibilities also include advancing product security compliance with security standards through user awareness, tracking metrics to measure compliance with security standards, and building compliance solutions or programs to meet certification requirements. Continue to advance the ISG PSO program focused on cultivating security knowledge and training for users, or Security Champions, embedded in development teams. Additionally, the ideal candidate will be able to multi-task, adapt, and service diverse security needs; own and prioritize and accreditation efforts.
This role can be a remote position or based in Morrisville, NC
Representative responsibilities include:
Developing and maintaining a product security engagement and education program
Creating and socializing security guidance, compliance, and standards documentation Researching, designing, and educating others on security best practices, standards, requirements, procedures, training materials, etc.
Working with peers, security leadership, developers and cross-functional teams to improve security engagement with continually evolving business and market needs and expectations
Maintaining an open, thoughtful, respectful, and collaborative team environment
Assessing products, services, and organizational units for compliance with security requirements
Analyzing industry standards, guidance, legislation, etc. for applicability, to identify gaps, and to recommend actions and solutions
Leading assigned product, service, and/or organizational security certification activities across all phases
Coordinating and tracking finding remediations in accordance with relevant industry standards
Position Requirements
Basic Qualifications:
Bachelor’s or above degree in Management Information Systems, Information Security, Cybersecurity, Computer Science or other related degree is preferred
Non-degree candidates with additional years of relevant work experience
8+ years of industry experience in program or project management with relevant degree
3+ years of demonstrated experience in security awareness/education, product security engagement, or product security program management
Preferred Qualifications:
Experience successfully designing and managing internal user engagement or education programs is preferred
Practical experience defining and gathering metrics to measure product security compliance to internal and external standards
Knowledge of secure software development concepts
Practical experience analyzing and documenting gap analyses between current-state and security standard compliant-state
Maintain current knowledge of security standards and monitor advancements to ensure organizational adaptation and compliance
Familiarity with industry and government security standards and compliance frameworks, including one or more of the following: ISO 27000-series, NIST SP 800-series, Common Criteria (CC), European Union Cybersecurity Certification (EUCC), NIST Secure Software Development Framework, Building Security In Maturity Model (BSIMM), O-TTPS / ISO 20243, and similar
Preferred industry certifications: One or more of PMP, CAPM, CISSP, CISM or similar
Integrating security into and socializing security initiative for pre-existing processes and technical environments
Strong collaboration skills over application sharing platforms and teleconferencing
Key Personal Traits:
Able to cultivate collaborative relationships; navigate sometimes contentious situations; and successfully resolve conflicts – all with respect, equity, and professionalism
Comfortable working toward what may be loosely defined objectives, clarifying and solidifying those objectives along the way
Team player, self-starter and entrepreneurial spirit
Receptive to feedback and guidance from colleagues
A critical thinker and problem solver, who is naturally curious and a consummate learner
A good communicator with strong verbal and written presence, capable of clearly explaining and documenting security needs
Ability to think analytically, gain insight and extrapolate information to reach decisions and offer guidance across different contexts
Adept at multi-tasking and achieving results in what can be a high-pressure environment while adapting to fluid business demands
Self-motivated and desire to independently drive the maturity of solutions
Persistent, keeping end goals in mind, being mindful of opportunities as they present themselves, and appreciating that “not today” doesn’t mean “not ever”
Citizenship Requirement:
- Must be a US citizen or US national; US permanent residents or candidates requiring sponsorship cannot be considered
Travel:
- 5% (travel typically not needed, but possible on occasion)
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.
Additional Locations :
United States of America - North Carolina - Morrisville
United States of America
United States of America - Arizona , * United States of America - Connecticut , * United States of America - District of Columbia , * United States of America - Florida , * United States of America - Georgia , * United States of America - Illinois , * United States of America - New Hampshire , * United States of America - New Jersey , * United States of America - New York , * United States of America - North Carolina , * United States of America - Tennessee , * United States of America - Texas
United States of America - North Carolina - Morrisville