Sr. Manager, Cyber Security GRC

Description and Requirements Come be a part of the next generation of Managed Services and Solutions at Lenovo This position is for a Sr. Manager, Cyber Security Governance, Risk and Compliance in the Solutions & Services Group (SSG). This is an exciting role that will give you the opportunity to work with Lenovo Product teams around the world to help Lenovo Business Units align with various regional, national and international security standards and regulations. You will be working alongside some of the best security teams in the industry. You will join a growing team of security professionals to lead security risk management initiatives and to design risk remediation and mitigation strategies and tactics. This role will work hand in hand with business executives, product managers, architects, engineers, dev-ops and developers to deliver against the Corporate Security Strategy. This position will define methodologies, metrics and KPIs; scoping and delivering security assessments ensuring continued alignment to standards over time. Ensuring that growth, improvements, gaps and risks are accurately communicated to business leaders, the role includes implementation and maintenance of policies, as well as a comprehensive controls framework with global third-party risk management.What you'll be doingDefining and delivering a Risk Management approach to ensure information security solutions and controls are commensurate to the business risk appetiteDirecting and conducting ongoing risk analysis organization-wide to uphold the GRC programDeveloping metrics and KPIs to monitor progress and enable prioritization of management actionProviding constructive advice and challenge on the management of cyber risks throughout the organizationWorking cross-functionally to develop strategies to identify, mitigate and manage current and emerging cyber threatsCreating, developing and maintaining security policies and practicesDirecting and advising design, service, operations teams on security requirements and implementationEstablishing and maintaining a strategy for managing security-related audits, compliance checks and external assessment processes for auditors, including but not limited to, ISO27001, EU’s General Data Protection Regulation (GDPR), Service Organization Controls (SOC) 2 and other applicable industry standards.Guiding team members to align with security, audit and risk management leadership for ongoing security program assessments, as well as strategic technology and budgetary directivesLiaising with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.Providing SME support to other business functionsDemonstrating leadership, providing support and mentoring to other members of the security management team.What you'll needCISSP/CISM/CRISC/CISA or similar level qualificationStrong operational experience of managing cyber security and risk within fast-paced technology environmentsKnowledge of security compliance across differing technology solutions, contracts and industriesOrganizational management skills with a track record of delivering GRC projects under tight deadlinesExperience of leading security audits and conducting consulting engagementsKnowledge and experience of implementing ISO27001, NIST, CIS and other similar standards/frameworksThe ability to create, develop and maintain security policies and practicesA good working level of technical knowledge of architectural techniques to prevent, mitigate and manage security threatExperience of security tools and technologyExcellent communications skills and stakeholder management experienceAbility to think of long-term strategic solutions as well as immediate resolutions to problemsExcellent problem solving, critical thinking, analytical and decision making skills