Manager, Security Risk Assessment Program

Position Summary

The Manager, Security Risk Assessment Program plays a critical role in operationalizing Lenovo's enterprise security assurance and risk management functions. This position supports the development and execution of cross-domain assurance activities – including risk register maintenance, internal control validations, and governance metrics tracking – across cybersecurity, physical security, product security, supply chain security, and data protection.

Reporting to the Director, Global Security Governance & Assurance, this role helps ensure Lenovo's security posture is measurable, accountable, and continuously improving. It also supports alignment with the Director of AI Governance to ensure emerging risks and control gaps in AI and responsible innovation domains are captured within enterprise assurance practices.

• Maintain the enterprise security risk register, ensuring timely intake, analysis, updates, and reporting.
• Collaborate with stakeholders from each security domain to document risk mitigation strategies, target states, and owner accountability.
• Support quarterly risk review cycles and integration of security risks into enterprise risk management dashboards.
• Execute assurance reviews and control validation activities across internal domains (cyber, physical, supply chain, product, data).
• Coordinate collection of control evidence and remediation tracking in partnership with audit, compliance, and infrastructure teams.
• Help prepare the security function for internal audits, stakeholder reviews, or external assessments beyond formal certification scopes.
• Support the creation of assurance dashboards, risk posture metrics, and trend reporting for governance forums and executive stakeholders.
• Maintain templates, logs, and records that support governance and assurance transparency.
• Assist in cross-functional program planning, tool enablement, and process improvements in governance and assurance workflows.
• Contribute to internal education efforts on risk and assurance accountability across business units and technical teams.

• Bachelor's degree in Information Security, Risk Management, or related field; certifications such as CRISC, CISA, or ISO 27001 Lead Implementer are a plus.
• 8+ years of experience in security risk management, assurance, GRC, or compliance roles.
• Familiarity with governance frameworks such as NIST CSF, ISO 27001, COBIT, or SOC 2.

• Experience working across global, cross-functional teams to execute governance or control-related activities.
• Strong analytical skills and attention to detail in risk documentation, evidence management, and reporting.
• Experience operationalizing risk registers, GRC tooling, or assurance workflows.
• Ability to interpret technical control evidence and translate it into business-aligned assurance outputs.
• Familiarity with multiple security domains (e.g., physical, product, supply chain).
• Comfortable managing deadlines across regions and time zones.

The base salary budgeted range for this position is $100k-115K USD. Individuals may also be considered for bonuses and/or commission.

Lenovo's various benefits can be found on

In compliance with Colorado's EPEWA, the expected Final date to receive applications for this position is January 2, 2026. This applies to both external and internal candidates.

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.