Homeoffice Manager, Security Risk & Assurance Programs bei Lenovo

Position SummaryThe Manager of Risk & Assurance Programs plays a critical role in operationalizing Lenovo’s enterprise security assurance and risk management functions. This position supports the development and execution of cross-domain assurance activities — including risk register maintenance, internal control validations, and governance metrics tracking — across cybersecurity, physical security, product security, supply chain security, and data protection.Reporting to the Director of Governance & Assurance, this role helps ensure Lenovo’s security posture is measurable, accountable, and continuously improving. It also supports alignment with the Director of AI Governance to ensure emerging risks and control gaps in AI and responsible innovation domains are captured within enterprise assurance practices.Key ResponsibilitiesRisk Management OperationsMaintain the enterprise security risk register, ensuring timely intake, analysis, updates, and reporting.Collaborate with stakeholders from each security domain to document risk mitigation strategies, target states, and owner accountability.Support quarterly risk review cycles and integration of security risks into enterprise risk management (ERM) dashboards.Assurance ExecutionExecute assurance reviews and control validation activities across internal domains (cyber, physical, supply chain, product, data).Coordinate collection of control evidence and remediation tracking in partnership with audit, compliance, and infrastructure teams.Help prepare the security function for internal audits, stakeholder reviews, or external assessments beyond formal certification scopes.Metrics & ReportingSupport the creation of assurance dashboards, risk posture metrics, and trend reporting for governance forums and executive stakeholders.Maintain templates, logs, and records that support governance and assurance transparency.Program SupportAssist in cross-functional program planning, tool enablement, and process improvements in governance and assurance workflows.Contribute to internal education efforts on risk and assurance accountability across business units and technical teams.QualificationsBachelor’s degree in Information Security, Risk Management, or related field; certifications such as CRISC, CISA, or ISO 27001 Lead Implementer are a plus.8+ years of experience in security risk management, assurance, GRC, or compliance roles.Familiarity with governance frameworks such as NIST CSF, ISO 27001, COBIT, or SOC 2.Preferred AttributesExperience working across global, cross-functional teams to execute governance or control-related activities.Strong analytical skills and attention to detail in risk documentation, evidence management, and reporting.Experience operationalizing risk registers, GRC tooling, or assurance workflows.Ability to interpret technical control evidence and translate it into business-aligned assurance outputs.Familiarity with multiple security domains (e.g., physical, product, supply chain).Comfortable managing deadlines across regions and time zones.The base salary budgeted range for this position is $100k-115K. Individuals may also be considered for bonus and/or commission.Lenovo’s various benefits can be found on .In compliance with Colorado's EPEWA, the expected application deadline for this position is November 2, 2025. This applies to both external and internal candidates.#LI-JL1#LI-REMOTE Jetzt bewerben