AP Privacy Legal Counsel

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

We’re looking for a legally trained professional who thrives at the intersection of privacy, cybersecurity, and technology. In this role, you’ll advise business and legal stakeholders across AP—shaping our compliance posture, guiding incident response, and helping design governance frameworks that keep our products and operations resilient. You’ll collaborate daily with InfoSec, Product Security, IT, Risk, Legal Compliance, and business units to embed privacy‑by‑design and strengthen cyber readiness.

You’ll be the go‑to counsel for evolving AP regulations—from Singapore’s PDPA and Cybersecurity Act to India’s DPDPA and CERT‑In directions, Australia’s cybersecurity reforms, South Korea’s Network Act, and more—translating law into practical guidance for engineers and operators.

• Track developments in AP privacy and cybersecurity laws, with a focus on CII/NCII designation impacts, data localisation, and cross‑border transfers; maintain our AP requirements database.
• Map cybersecurity legal obligations across AP and identify practice gaps; drive remediation plans.
• Support implementation of ISO27001 and NIST CSF aligned frameworks; help prepare for regulatory inquiries and audits.

• Interpret and apply key cybersecurity legislation and guidelines, including Singapore’s Cybersecurity Act (CII, licensing), Malaysia’s Cyber Security Act 2024, India’s IT Act/CERT‑In and DPDPA, and relevant sectoral rules.
• Advise stakeholders on licensing obligations for cybersecurity service providers; coordinate applications where needed.
• Develop training materials and deliver briefings on AP cybersecurity legal risks and best practices.

• Partner with product and IT engineering to embed privacy‑by‑design/by‑default; advise on data minimization, consent, retention, and access control.
• Review designs/architectures to identify privacy and cyber impacts early; document technical organizational measures protecting personal data.

• Draft, review and negotiate privacy and cybersecurity provisions (indemnities, data protection, breach notification, audits).
• Assess third‑party vendor privacy/cyber risks; support procurement with DPAs, SCCs/BCRs where applicable.

• Partner with security teams to investigate suspected or actual incidents.
• Lead breach assessment and regulatory reporting; draft communications to regulators, customers and affected individuals as required.

• Assist senior privacy counsels with privacy reviews, gap assessments, and managing data localisation risks across AP.

• JD or LLB with 8+ years in cybersecurity‑related legal roles (preferably tech or IT‑led organizations).
• Demonstrated ability to advise across AP markets with strong knowledge of major privacy/cyber laws (Australia, Japan, South Korea, India, Singapore, Malaysia, etc.) and frameworks (ISO27001, NIST CSF).
• Hands‑on experience with incident response and regulatory engagement.
• Excellent communication and stakeholder management across technical and non‑technical teams.
• Fluency in English (written spoken); Mandarin is a plus; additional AP languages (Japanese/Korean) appreciated.

• Certifications such as CIPP/E, CIPT, CIPM, CISSP (or equivalent).
• Familiarity with IT systems, data architecture, or enterprise data management tools.
• Experience in a multinational environment or global privacy program.
• Proficiency in one additional language (e.g., Mandarin, Japanese, Korean).

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.