We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
New

Sr. Manager, Cyber Resilience Act Compliance

Lenovo
United States, North Carolina, Morrisville
Jul 09, 2026


General Information
Req #
WD00101168
Career area:
Information Technology
Country/Region:
United States of America
State:
North Carolina
City:
Morrisville
Date:
Thursday, July 9, 2026
Working time:
Full-time
Additional Locations:
* United States of America - North Carolina - Morrisville

Why Work at Lenovo
We are Lenovo. We do what we say. We own what we do. We WOW our customers.
Lenovo is a US$83 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world's largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo's continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).
This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

Description and Requirements

Position Summary

The Senior Manager, CRA Compliance Program serves as the enterprise execution lead for the EU Cyber Resilience Act (CRA) compliance program across inscope products, services, and supporting systems. EU CRA is a priority regulatory program with defined timelines, regulatory obligations, and audit expectations.

This role owns delivery execution, operating rhythm, and people leadership for the compliance and certifications function, ensuring consistent execution, prioritization, and quality across the portfolio.

Key Responsibilities

Compliance Portfolio Leadership & Program Execution

  • EU Cyber Resilience Act is a priority regulatory program with defined delivery timelines and regulatory obligations that must be met across the portfolio.
  • Lead execution of a portfolio of security compliance and certification initiatives, ensuring delivery against regulatory, certification, and customer requirements.
  • Accountable for execution delivery across the compliance portfolio. Regulatory interpretation and final compliance positions are owned by designated central GRC, Legal, or Security leadership.
  • Define execution strategies, operating models, and delivery plans for supported compliance programs.
  • Maintain oversight of scope, timelines, dependencies, and milestones across the portfolio.
  • Maintain end-to-end traceability between regulatory requirements, implemented controls, and supporting evidence across all supported programs.
  • Provide compliance execution leadership across Product Security, IT, Legal, Privacy, Supply Chain, and external partners.
  • Resolve execution conflicts, manage dependencies, and drive alignment across stakeholders.

People Leadership & Organizational Management

  • Directly manage and develop subordinate contributors.
  • Ensure clear accountability for compliance deliverables, deadlines, and evidence quality across team members.
  • Set priorities, allocate workload, and ensure clarity of roles and accountability across the team.
  • Coach team members on regulatory interpretation, documentation quality, audit readiness, and stakeholder engagement.

Documentation, Evidence & Quality Oversight

  • Ensure development and maintenance of highquality compliance documentation, technical descriptions, policies, procedures, and evidence repositories.
  • Define and enforce standards for documentation quality, traceability, and audit defensibility.
  • Establish governance expectations for systems of record supporting compliance tracking and evidence management.
  • Ensure supporting documentation is maintained in the system of record.
  • Establish quality standards for documentation and evidence used in audits, certifications, and regulatory reviews.
  • Review and approve key artifacts prior to external submission or assessment activities.

Risk, Issue & Escalation Management

  • Oversee identification, assessment, and tracking of compliance risks, gaps, and remediation activities across the portfolio.
  • Has authority to escalation non-compliance and enforce remediation timelines through executive governance channels.
  • Escalate material risks, blockers, or delivery concerns to leadership with impact analysis and recommendations.
  • Ensure remediation activities are prioritized and validated.

Audit, Certification & Regulatory Engagement Support

  • Provide leadership for audit, certification, and regulatory readiness activities.
  • Oversee preparation and coordination of responses to assessments, findings, and regulatory inquiries.
  • Ensure the organization maintains a continuously auditready posture.

Reporting & Executive Communication

  • Provide regular status and readiness reporting to leadership.
  • Prepare executivelevel briefings, summaries, and decision materials.
  • Communicate clearly and consistently to enable timely decisions and alignment.

Required Skills & Competencies

  • Seniorlevel experience in cybersecurity compliance, assurance, or certification programs.
  • Proven ability to lead multiinitiative compliance portfolios.
  • Strong execution and program leadership skills applied to regulatory and certificationdriven environments.
  • Demonstrated peoplemanagement and teamdevelopment experience.
  • Strong judgment, prioritization, and escalation capabilities.
  • Excellent written and verbal communication skills.

Qualifications

  • Bachelor's degree in cybersecurity, information systems, engineering, law, or a related field required.
  • 12+ years of experience in cybersecurity, compliance, risk, product security, assurance, or related disciplines.
  • Demonstrated experience leading audits, certifications, or regulatory compliance initiatives.
  • Experience with EU CRA regulations and compliance strongly preferred.
  • Professional certifications such as CISSP, CISM, CISA, PMP, or ISO/IEC 27001 Lead Implementer strongly preferred.

Availability & Travel

  • Availability to support audit, certification, or regulatory activities during business hours, with occasional offhours engagement.
  • Occasional travel may be required for audits, assessments, or executive stakeholder engagements.

The base salary budgeted range for this position is $160k - 190K. Individuals may also be considered for bonus and/or commission.

Lenovo's various benefits can be found on www.lenovobenefits.com.

In compliance with Colorado's EPEWA, the expected application deadline for this position is August 27, 2026. This applies to both external and internal candidates.

#LI-FL1

#LI-Remote

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.
Additional Locations:
* United States of America - North Carolina - Morrisville
* United States of America
* United States of America - North Carolina
* United States of America - North Carolina - Morrisville

Applied = 0

(web-77cf7d65c7-4rhzf)