Manager, Security Risk Assessment Program

We are Lenovo. We do what we say. We own what we do. We WOW our customers. Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY). This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub. Position Summary The Manager, Security Risk Assessment Program plays a critical role in operationalizing Lenovo’s enterprise security assurance and risk management functions. This position supports the development and execution of cross-domain assurance activities — including risk register maintenance, internal control validations, and governance metrics tracking — across cybersecurity, physical security, product security, supply chain security, and data protection. Reporting to the Director, Global Security Governance Assurance, this role helps ensure Lenovo’s security posture is measurable, accountable, and continuously improving. It also supports alignment with the Director of AI Governance to ensure emerging risks and control gaps in AI and responsible innovation domains are captured within enterprise assurance practices. Responsibilities • Maintain the enterprise security risk register, ensuring timely intake, analysis, updates, and reporting. • Collaborate with stakeholders from each security domain to document risk mitigation strategies, target states, and owner accountability. • Support quarterly risk review cycles and integration of security risks into enterprise risk management (ERM) dashboards. • Execute assurance reviews and control validation activities across internal domains (cyber, physical, supply chain, product, data). • Coordinate collection of control evidence and remediation tracking in partnership with audit, compliance, and infrastructure teams. • Help prepare the security function for internal audits, stakeholder reviews, or external assessments beyond formal certification scopes. • Support the creation of assurance dashboards, risk posture metrics, and trend reporting for governance forums and executive stakeholders. • Maintain templates, logs, and records that support governance and assurance transparency. • Assist in cross-functional program planning, tool enablement, and process improvements in governance and assurance workflows. • Contribute to internal education efforts on risk and assurance accountability across business units and technical teams. Basic Qualifications • Bachelor’s degree in Information Security, Risk Management, or related field; certifications such as CRISC, CISA, or ISO 27001 Lead Implementer are a plus. • 8+ years of experience in security risk management, assurance, GRC, or compliance roles. • Familiarity with governance frameworks such as NIST CSF, ISO 27001, COBIT, or SOC 2. Preferred Qualifications • Experience working across global, cross-functional teams to execute governance or control-related activities. • Strong analytical skills and attention to detail in risk documentation, evidence management, and reporting. • Experience operationalizing risk registers, GRC tooling, or assurance workflows. • Ability to interpret technical control evidence and translate it into business-aligned assurance outputs. • Familiarity with multiple security domains (e.g., physical, product, supply chain). • Comfortable managing deadlines across regions and time zones. The base salary budgeted range for this position is $100k-115K USD. Individuals may also be considered for bonus and/or commission. Lenovo’s various benefits can be found onwww.lenovobenefits.com. In compliance with Colorado's EPEWA, the expected application deadline for this position is January 2, 2026. This applies to both external and internal candidates. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class. Apply tot his job