z******7 发帖数: 2 | 1 Please send CV to: z*******[email protected]
Telephone: +86 (0)10 85916462
Job Description – Corporate IT Security Architect
Position Name: Corporate Information Technology Security Architect (Band
9)
Location: China
Immediate Manager: Chief Information Security Officer
JOB DESCRIPTION – DUTIES AND RESPONSIBILITIES
Reporting to the Chief Information Security Officer, the Corporate
Information Technology Security Architect will deliver technical
architecture and standards for Lenovo projects, services and production/
operations environments, and work with architecture, business development
and operations groups to ensure practical implementation of those standards
as reusable infrastructure.
Key Responsibilities:
• Identify and prioritise needs for standardised security solutions
across Lenovo projects, services and infrastructures.
• Deliver and maintain specifications of security services within
the business and information technology architecture.
• Maintain a roadmap for the development and update of project and
service-oriented security architecture and standards. Ensure existing
materials are kept adequately up to date, taking into account changes in
threats, vulnerabilities, technological features and customer expectations.
• Identify needs and opportunities for the implementation of
security architecture as reusable infrastructure. Identify suitable
development owners for each architectural service. Build business case for
investment in new projects, services and work with other CIO staff to
commission the building of security infrastructure.
• Track and report on progress within the company of implementation
of security architecture in projects, services and infrastructure
environments (such as the eCommerce Trust programme). Report on any major
areas of vulnerability or non-compliance with company policy found.
• Assist architecture, business development, and technical groups
within Lenovo in the interpretation of security architecture and standards.
Feedback user comments into future updates so as to improve practical
usability of deliverables.
• Commission the delivery of, project and service-oriented security
standards. Identify key stakeholders for each deliverable and ensure their
participation in reviews and approval. Perform or commission practical
acceptance testing of new and updated standards. Produce and maintain
traceability information linking standards/architecture and CIO IT security
policy.
General Responsibilities:
• Keep aware of, and compliant with, company policies and codes of
conduct in all relevant areas.
• Assist in the development of internal information sharing and
work management IT facilities within the group.
• Support the group by peer reviews of other deliverables as
requested.
• Perform ad-hoc technical investigations and product evaluations
as requested.
• Monitor personal developments requirements and propose areas for
courses or coaching as necessary.
• Present on aspects of the above work to internal or external
audiences as requested.
• Perform other tasks within the remit of the group as requested.
• Ensure that work is planned, tracked, and progress reported on a
regular basis.
CORPORATE ENTITY/DEPARTMENT’S ROLE
The business purpose of this role is to specify and drive forward standard
solutions for security within Lenovo projects, services and infrastructure
deployment. This will improve the ability of other architects, projects and
service managers to deliver secure services and drive down the marginal
cost of security by means of standard infrastructure.
JOB SPECIFICATIONS – REQUIRED SKILLS AND EDUCATION
The candidate must have an understanding of IT Security principles and
technology in breadth and depth, gained from:
• At least three years in full-time security architecture roles in
end-user or consultancy organisations, with a total of at least three to
five years in information security, application development, and IT network
design/management and project management.
• Demonstrable track record in researching new security issues and
technology and designing innovative solutions (rather than merely deploying
off-the-shelf products and relying on advice from vendors/consultancies).
• Experience developing and managing relationships with 3rd Party
Suppliers and internal IT groups.
• As the role involves communicating security issues to others,
excellent communication skills are essential.
• The candidate must be able to collate and synthesise written
information from a wide range of sources, and present this in a clear,
concise manner for a variety of technical and non-technical readerships.
The ability and willingness to produce clear documentation and reports is
essential.
• Experience of developing and/or coding security functionality
within applications is highly desirable.
• Practical experience of securing and administering some of the
following: Applications, Applications Servers, Middleware, Databases,
Windows, AIX, Linux, and SAP platforms would be useful.
• Although not essential, an appreciation of the manufacturing
markets, and the role of IT within those markets, would also be useful.
Education
BS degree in computer science is preferred or equivalent experience.
Understanding of ISO 27000 standards and Industry recognized information
security professional certification a plus.
Reporting line
The role reports to the CISO The role reports to the CISO and is a member
of CIO IT Security/Architecture Group and other Business unit committees.
Important Note: This should not be read as a definitive list of job
responsibilities, as job holders may be required to carry out tasks and
assume responsibilities not mentioned above, but which will be related to
and commensurate with the overall level of responsibility of their job and
band level.
Please send CV to: z*******[email protected]
Telephone: +86 (0)10 85916462 |
|