Lenovo is a US$57 billion revenue global technology powerhouse, ranked #248 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world’s largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo’s continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).
This transformation together with Lenovo’s world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub. Description and Requirements
Position Summary
The Senior Manager of Governance & Assurance Programs is responsible for leading the internal governance and assurance programs across Lenovo’s enterprise security landscape. This role owns the enterprise security policy framework, internal risk register, and overarching governance mechanisms that ensure clear accountability, alignment with regulatory requirements, and transparency of Lenovo’s security posture.
Working alongside the Sr. Manager of Global Certifications, this position is critical to delivering a unified assurance model that spans cybersecurity, physical security, product and services security, supply chain security, and data protection. The role also collaborates closely with the Director of AI Governance to ensure internal security policies and assurance programs are aligned with responsible innovation and emerging technology governance.
Key Responsibilities
Enterprise Security Governance
Lead the enterprise security policy and standards lifecycle, including development, publication, exception handling, and periodic review.Chair or coordinate cross-functional governance forums to support security policy decisions, policy exception escalations, and investment prioritization.Maintain alignment with Legal, Privacy, Compliance, and ERM teams to ensure governance frameworks meet internal and external obligations.Security Risk Management
Own and maintain the unified security risk register, integrating input from cybersecurity, physical security, product, supply chain, and data protection stakeholders.Drive cross-functional risk assessment cycles and support mitigation tracking across business units and geographies.Ensure risk data is integrated with enterprise risk management (ERM) processes and executive dashboards.Internal Assurance Programs
Develop and lead assurance programs to validate the effectiveness of security controls outside of formal certification scopes.Partner with internal stakeholders (e.g., audit, compliance, engineering, infrastructure, physical security) to conduct deep-dive reviews and assurance engagements.Provide input into control automation and continuous monitoring initiatives.Program Operations & Metrics
Oversee governance and assurance reporting, ensuring executives receive clear, actionable insights on control maturity, residual risk, and policy effectiveness.Collaborate with the Program Manager, Policy Operations to ensure timely policy publishing, metrics maintenance, and governance documentation.Basic Qualifications
Bachelor’s degree in Information Security, Risk Management, Public Policy, or related field; certifications such as CISA, CRISC, CGEIT, or ISO Lead Implementer are strongly preferred.12+ years of experience in security governance, GRC, assurance, or enterprise risk roles.Strong knowledge of policy frameworks (e.g., NIST CSF, ISO 27001, COBIT), regulatory trends (e.g., GDPR, DORA, NIS2), and risk methodologies.Experience leading enterprise-wide programs in a global, matrixed organization.Ability to drive policy consensus and risk-based decision-making across technical and business stakeholders.Preferred Qualifications
Experience aligning internal security policies with emerging domains such as AI governance, responsible innovation, or digital ethics.Familiarity with cross-domain security practices (cyber, physical, supply chain, and product security).Strong communication skills, including the ability to produce executive-level reporting and facilitate governance forums.Comfortable managing across time zones and regions.The base salary budgeted range for this position is $170K-202K. Individuals may also be considered for bonus and/or commission.
Lenovo’s various benefits can be found on www.lenovobenefits.com.
In compliance with Colorado's EPEWA, the expected application deadline for this position is December 2, 2025. This applies to both external and internal candidates.
#LI-JL1
#LI-REMOTE
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class. Additional Locations: * United States of America - North Carolina - Morrisville * United States of America * United States of America - North Carolina * United States of America - North Carolina - Morrisville