Sr. Manager, Cyber Security GRC

Join to apply for the Sr. Manager, Cyber Security GRC role at Lenovo
.

Lenovo is a US $69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, serving millions of customers in 180 markets. With a bold vision to deliver Smart Technology for All, Lenovo builds on its success as the world’s largest PC company, offering AI‑enabled, AI‑ready and AI‑optimized devices, infrastructure, software, solutions and services.

This position is for a Sr. Manager, Cyber Security Governance, Risk and Compliance in the Solutions Services Group (SSG). You will work with Lenovo product teams worldwide to help Business Units align with regional, national and international security standards and regulations. The role will partner with business executives, product managers, architects, engineers, dev‑ops and developers to deliver the Corporate Security Strategy.

• Defining and delivering a Risk Management approach to ensure information security solutions and controls are commensurate to the business risk appetite
• Directing and conducting ongoing risk analysis organization‑wide to uphold the GRC program
• Developing metrics and KPIs to monitor progress and enable prioritization of management action
• Providing constructive advice and challenge on the management of cyber risks throughout the organization
• Working cross‑functionally to develop strategies to identify, mitigate and manage current and emerging cyber threats
• Creating, developing and maintaining security policies and practices
• Directing and advising design, service, operations teams on security requirements and implementation
• Establishing a strategy for managing security‑related audits, compliance checks and external assessment processes for auditors, including ISO 27001, EU GDPR, SOC 2 and other industry standards
• Guiding team members to align with security, audit and risk management leadership for ongoing security program assessments and strategic technology and budgetary directives
• Liaising with auditors, internal and external, to maintain and implement controls for compliance and privacy laws
• Providing SME support to other business functions
• Demonstrating leadership, support and mentoring to other members of the security management team

• CISSP/CISM/CRISC/CISA or similar level qualification
• Strong operational experience managing cyber security and risk within fast‑paced tech environments
• Knowledge of security compliance across differing technology solutions, contracts and industries
• Organizational management skills with a track record of delivering GRC projects under tight deadlines
• Experience leading security audits and conducting consulting engagements
• Knowledge and experience of implementing ISO 27001, NIST, CIS and other similar standards/frameworks
• The ability to create, develop and maintain security policies and practices
• Technical knowledge of architectural techniques to prevent, mitigate and manage security threats
• Experience with security tools and technology
• Excellent communications skills and stakeholder management experience
• Ability to think of long‑term strategic solutions as well as immediate resolutions to problems
• Excellent problem solving, critical thinking, analytical and decision‑making skills

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.