Manager, Security Risk & Assurance Programs

* United States of America - North Carolina - Morrisville

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com , and read about the latest news via our StoryHub .

Position Summary

The Manager of Risk & Assurance Programs plays a critical role in operationalizing Lenovo’s enterprise security assurance and risk management functions. This position supports the development and execution of cross-domain assurance activities — including risk register maintenance, internal control validations, and governance metrics tracking — across cybersecurity, physical security, product security, supply chain security, and data protection.

Reporting to the Director of Governance & Assurance, this role helps ensure Lenovo’s security posture is measurable, accountable, and continuously improving. It also supports alignment with the Director of AI Governance to ensure emerging risks and control gaps in AI and responsible innovation domains are captured within enterprise assurance practices.

Key Responsibilities

• Maintain the enterprise security risk register, ensuring timely intake, analysis, updates, and reporting.
• Collaborate with stakeholders from each security domain to document risk mitigation strategies, target states, and owner accountability.
• Support quarterly risk review cycles and integration of security risks into enterprise risk management (ERM) dashboards.

Assurance Execution

• Execute assurance reviews and control validation activities across internal domains (cyber, physical, supply chain, product, data).
• Coordinate collection of control evidence and remediation tracking in partnership with audit, compliance, and infrastructure teams.
• Help prepare the security function for internal audits, stakeholder reviews, or external assessments beyond formal certification scopes.

Metrics & Reporting

• Support the creation of assurance dashboards, risk posture metrics, and trend reporting for governance forums and executive stakeholders.
• Maintain templates, logs, and records that support governance and assurance transparency.

Program Support

• Assist in cross-functional program planning, tool enablement, and process improvements in governance and assurance workflows.
• Contribute to internal education efforts on risk and assurance accountability across business units and technical teams.

Qualifications

• Bachelor’s degree in Information Security, Risk Management, or related field; certifications such as CRISC, CISA, or ISO 27001 Lead Implementer are a plus.
• 8+ years of experience in security risk management, assurance, GRC, or compliance roles.
• Familiarity with governance frameworks such as NIST CSF, ISO 27001, COBIT, or SOC 2.

Preferred Attributes

• Experience working across global, cross-functional teams to execute governance or control-related activities.
• Strong analytical skills and attention to detail in risk documentation, evidence management, and reporting.
• Experience operationalizing risk registers, GRC tooling, or assurance workflows.
• Ability to interpret technical control evidence and translate it into business-aligned assurance outputs.
• Familiarity with multiple security domains (e.g., physical, product, supply chain).
• Comfortable managing deadlines across regions and time zones.

The base salary budgeted range for this position is $100k-115K. Individuals may also be considered for bonus and/or commission.

In compliance with Colorado's EPEWA, the expected application deadline for this position is November 2, 2025. This applies to both external and internal candidates.

#LI-JL1

#LI-REMOTE

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.

Additional Locations: * United States of America - North Carolina - Morrisville

If you require an accommodation to complete this application, please contactability@lenovo.com