Cyber Security

Job Description We are Lenovo. We do what we say. We own what we do. We WOW our customers. Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world's largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo's continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub. Job Description The Cybersecurity Subject Matter Expert (SME) serves as a trusted authority on cybersecurity practices, policies, and technologies. This role provides guidance, strategic direction, and technical expertise to ensure the confidentiality, integrity, and availability of organizational information assets. The SME collaborates with IT, security teams, business units, and external stakeholders to design, implement, and optimize cybersecurity programs aligned with industry standards, regulatory requirements, and organizational objectives. Key Responsibilities: - Provide expert guidance on cybersecurity policies, standards, frameworks, and best practices (e.g., ISO 27001, NIST, CIS, GDPR). - Advise executive leadership on risk, threat landscape, and mitigation strategies. - Develop and recommend cybersecurity roadmaps, frameworks, and governance models. - Lead complex security architecture designs and assessments for networks, systems, applications, and cloud environments. - Provide deep technical guidance on security tools and solutions (e.g., SIEM, EDR, firewalls, vulnerability management, cloud security). - Evaluate emerging cybersecurity technologies and assess their suitability for organizational adoption. - Perform risk assessments, threat modeling, and vulnerability analyses. - Ensure adherence to regulatory, legal, and contractual cybersecurity requirements. - Support internal and external audits, providing expert responses to security queries and findings. Incident Response Investigation - Provide expertise during cybersecurity incidents, including containment, investigation, and remediation. - Analyze complex security events and recommend mitigation strategies. - Mentor SOC and IT teams in advanced incident response techniques. Policy, Procedure, Standards Development - Develop, review, and update cybersecurity policies, procedures, and operational standards. - Ensure alignment of security processes with business objectives and risk appetite. Training Knowledge Sharing - Act as a mentor and coach for security teams, IT staff, and business units. - Conduct training, workshops, and awareness programs to improve organizational security posture. - Collaborate with IT, DevOps, Legal, and business units to integrate security into business processes. Skill 11 - 15 years of relevant experience Typical Skills Include: - In-depth knowledge of Security technologies, and best practices. - Individually responsible for the design and scope of deliverables in Security Technologies - Expert level proficiency - Proven experience in client-facing roles, with a strong track record of successfully delivering Security Solutions - Strong understanding of security standards and regulatory requirements (e.g., GDPR, HIPAA, SOX, PCI DSS). - Excellent problem-solving, analytical, and communication skills. - Relevant certifications (e.g., CISSP, CISM) are highly desirable - Ability to lead and coordinate incident response activities effectively, including identifying and analyzing security incidents, containing the damage, and implementing remediation measures. - Strong leadership skills to manage and mentor a team of security professionals. Should be able to inspire, motivate, and empower team members to achieve security objectives. - Excellent communication skills to effectively communicate security risks, incidents, and mitigation strategies to stakeholders at all levels of the organization. This includes writing clear and concise reports, presenting findings to management, and fostering collaboration with other departments/ Business. - Ability to think critically and analytically to solve complex security problems. Should be able to quickly assess situations, identify root causes, and implement solutions to address security issues. - Commitment to continuous learning and improvement in security practices and processes. This involves staying updated with industry best practices, participating in training programs, and driving initiatives to enhance the security posture of the organization. - Ability to collaborate effectively with other teams such as IT, legal, compliance, and risk management to align security efforts with broader organizational goals and objectives. Qualification Experience - Bachelor's degree in engineering (Electronics, Communication, Computer Science) - 11 - 15 years of relevant experience in Identity Access Management - Should possess in-depth technical expertise in IAM solutions, architectures, best practices and technologies (Microsoft Entra, Microsoft Azure AD, Okta, SailPoint, Ping Identity, etc.) - Strong client relationship management and advisory skills. - Effective communication and presentation abilities. - Project management skills, with a focus on delivering high-quality results. - Ability to work independently and collaboratively in a team environment. - Continuous learning and adaptability to new technologies and trends. - Other Cyber Security certifications, such as CISSP, CRISC, CISM, SANS, SABSA, OSCP are an added advantage. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class. WD00088841 https://lenovo.avature.net/en_US/careers/JobDetailjobId=70787 Key Responsibilities: - Provide expert guidance on cybersecurity policies, standards, frameworks, and best practices (e.g., ISO 27001, NIST, CIS, GDPR). - Advise executive leadership on risk, threat landscape, and mitigation strategies. - Develop and recommend cybersecurity roadmaps, frameworks, and governance models. - Lead complex security architecture designs and assessments for networks, systems, applications, and cloud environments. - Provide deep technical guidance on security tools and solutions (e.g., SIEM, EDR, firewalls, vulnerability management, cloud security). - Evaluate emerging cybersecurity technologies and assess their suitability for organizational adoption. - Perform risk assessments, threat modeling, and vulnerability analyses. - Ensure adherence to regulatory, legal, and contractual cybersecurity requirements. - Support internal and external audits, providing expert responses to security queries and findings. Incident Response Investigation - Provide expertise during cybersecurity incidents, including containment, investigation, and remediation. - Analyze complex security events and recommend mitigation strategies. - Mentor SOC and IT teams in advanced incident response techniques. Policy, Procedure, Standards Development - Develop, review, and update cybersecurity policies, procedures, and operational standards. - Ensure alignment of security processes with business objectives and risk appetite. Training Knowledge Sharing - Act as a mentor and coach for security teams, IT staff, and business units. - Conduct training, workshops, and awareness programs to improve organizational security posture. - Collaborate with IT, DevOps, Legal, and business units to integrate security into business processes. Skill 11 - 15 years of relevant experience Qualification Experience - Bachelor's degree in engineering (Electronics, Communication, Computer Science) - 11 - 15 years of relevant experience in Identity Access Management - Should possess in-depth technical expertise in IAM solutions, architectures, best practices and technologies (Microsoft Entra, Microsoft Azure AD, Okta, SailPoint, Ping Identity, etc.) - Strong client relationship management and advisory skills. - Effective communication and presentation abilities. - Project management skills, with a focus on delivering high-quality results. - Ability to work independently and collaboratively in a team environment. - Continuous learning and adaptability to new technologies and trends. - Other Cyber Security certifications, such as CISSP, CRISC, CISM, SANS, SABSA, OSCP are an added advantage. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.