GENERAL INFORMATION

Req #
WD00085653
Career area:
Information Technology
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Thursday, August 14, 2025
Working time:
Full-time

Additional Locations:

• United States of America - North Carolina - Morrisville

POSITION SUMMARY

The Senior Manager of Governance & Assurance Programs is responsible for leading the internal governance and assurance programs across Lenovo’s enterprise security landscape. This role owns the enterprise security policy framework, internal risk register, and overarching governance mechanisms that ensure clear accountability, alignment with regulatory requirements, and transparency of Lenovo’s security posture.
Working alongside the Sr. Manager of Global Certifications, this position is critical to delivering a unified assurance model that spans cybersecurity, physical security, product and services security, supply chain security, and data protection. The role also collaborates closely with the Director of AI Governance to ensure internal security policies and assurance programs are aligned with responsible innovation and emerging technology governance.

BASIC QUALIFICATIONS

• Bachelor’s degree in Information Security, Risk Management, Public Policy, or related field; certifications such as CISA, CRISC, CGEIT, or ISO Lead Implementer are strongly preferred.
• 12+ years of experience in security governance, GRC, assurance, or enterprise risk roles.
• Strong knowledge of policy frameworks (e.g., NIST CSF, ISO 27001, COBIT), regulatory trends (e.g., GDPR, DORA, NIS2), and risk methodologies.
• Experience leading enterprise-wide programs in a global, matrixed organization.
• Ability to drive policy consensus and risk-based decision-making across technical and business stakeholders.

PREFERRED QUALIFICATIONS

• Experience aligning internal security policies with emerging domains such as AI governance, responsible innovation, or digital ethics.
• Familiarity with cross-domain security practices (cyber, physical, supply chain, and product security).
• Strong communication skills, including the ability to produce executive-level reporting and facilitate governance forums.
• Comfortable managing across time zones and regions.
  The base salary budgeted range for this position is $170K-202K. Individuals may also be considered for bonus and/or commission.
  Lenovo’s various benefits can be found on www.lenovobenefits.com.
  In compliance with Colorado’s EPEWA, the expected application deadline for this position is December 2, 2025. This applies to both external and internal candidates.
  

  LI-JL1

Enterprise Security Governance

• Lead the enterprise security policy and standards lifecycle, including development, publication, exception handling, and periodic review.
• Chair or coordinate cross-functional governance forums to support security policy decisions, policy exception escalations, and investment prioritization.
• Maintain alignment with Legal, Privacy, Compliance, and ERM teams to ensure governance frameworks meet internal and external obligations.

Security Risk Management

• Own and maintain the unified security risk register, integrating input from cybersecurity, physical security, product, supply chain, and data protection stakeholders.
• Drive cross-functional risk assessment cycles and support mitigation tracking across business units and geographies.
• Ensure risk data is integrated with enterprise risk management (ERM) processes and executive dashboards.

Internal Assurance Programs

• Develop and lead assurance programs to validate the effectiveness of security controls outside of formal certification scopes.
• Partner with internal stakeholders (e.g., audit, compliance, engineering, infrastructure, physical security) to conduct deep-dive reviews and assurance engagements.
• Provide input into control automation and continuous monitoring initiatives.

Program Operations & Metrics

• Oversee governance and assurance reporting, ensuring executives receive clear, actionable insights on control maturity, residual risk, and policy effectiveness.
• Collaborate with the Program Manager, Policy Operations to ensure timely policy publishing, metrics maintenance, and governance documentation.