Jobs · Legal

Sr. Manager, Cyber Resilience Act Compliance

Lenovo · North Carolina, United States · 6 days ago
RemoteRemoteLegal$160k–$190k/yrFull-time

Position Summary

The Senior Manager, CRA Compliance Program serves as the enterprise execution lead for the EU Cyber Resilience Act (CRA) compliance program across in-scope products, services, and supporting systems.

Key Responsibilities

  • Compliance Portfolio Leadership

  • Program Execution

  • EU Cyber Resilience Act is a priority regulatory program with defined delivery timelines and regulatory obligations that must be met across the portfolio.

  • Lead execution of a portfolio of security compliance and certification initiatives, ensuring delivery against regulatory, certification, and customer requirements.

  • Accountable for execution delivery across the compliance portfolio.

  • Regulatory interpretation and final compliance positions are owned by designated central GRC, Legal, or Security leadership.

  • Define execution strategies, operating models, and delivery plans for supported compliance programs.

  • Maintain oversight of scope, timelines, dependencies, and milestones across the portfolio.

  • Maintain end-to-end traceability between regulatory requirements, implemented controls, and supporting evidence across all supported programs.

  • Resolve execution conflicts, manage dependencies, and drive alignment across stakeholders.

  • People Leadership

  • Organizational Management

  • Directly manage and develop subordinate contributors.

  • Ensure clear accountability for compliance deliverables, deadlines, and evidence quality across team members.

  • Set priorities, allocate workload, and ensure clarity of roles and accountability across the team.

  • Coach team members on regulatory interpretation, documentation quality, audit readiness, and stakeholder engagement.

  • Documentation, Evidence Quality Oversight

  • Ensure development and maintenance of high-quality compliance documentation, technical descriptions, policies, procedures, and evidence repositories.

  • Define and enforce standards for documentation quality, traceability, and audit defensibility.

  • Establish governance expectations for systems of record supporting compliance tracking and evidence management.

  • Ensure supporting documentation is maintained in the system of record.

  • Establish quality standards for documentation and evidence used in audits, certifications, and regulatory reviews.

  • Review and approve key artifacts prior to external submission or assessment activities.

  • Risk, Issue Escalation Management

  • Oversee identification, assessment, and tracking of compliance risks, gaps, and remediation activities across the portfolio.

  • Has authority to escalate non-compliance and enforce remediation timelines through executive governance channels.

  • Escalate material risks, blockers, or delivery concerns to leadership with impact analysis and recommendations.

  • Ensure remediation activities are prioritized and validated.

  • Audit, Certification Regulatory Engagement Support

  • Provide leadership for audit, certification, and regulatory readiness activities.

  • Oversee preparation and coordination of responses to assessments, findings, and regulatory inquiries.

  • Ensure the organization maintains a continuously audit-ready posture.

  • Reporting Executive Communication

  • Provide regular status and readiness reporting to leadership.

  • Prepare executive-level briefings, summaries, and decision materials.

  • Communicate clearly and consistently to enable timely decisions and alignment.

Required Skills

  • Senior-level experience in cybersecurity compliance, assurance, or certification programs.

  • Proven ability to lead multi-initiative compliance portfolios.

  • Strong execution and program leadership skills applied to regulatory and certification-driven environments.

  • Demonstrated people-management and team-development experience.

  • Strong judgment, prioritization, and escalation capabilities.

  • Excellent written and verbal communication skills.

Qualifications

  • Bachelor’s degree in cybersecurity, information systems, engineering, law, or a related field required.

  • 12+ years of experience in cybersecurity, compliance, risk, product security, assurance, or related disciplines.

  • Demonstrated experience leading audits, certifications, or regulatory compliance initiatives.

  • Experience with EU CRA regulations and compliance strongly preferred.

  • Professional certifications such as CISSP, CISM, CISA, PMP, or ISO/IEC 27001 Lead Implementer strongly preferred.

Availability

  • Travel Availability to support audit, certification, or regulatory activities during business hours, with occasional off-hours engagement.

  • Occasional travel may be required for audits, assessments, or executive stakeholder engagements.

Pay

The base salary budgeted range for this position is $160k - 190K.

Benefits

Lenovo’s various benefits can be found on www.lenovobenefits.com.

Application Deadline

The expected application deadline for this position is August 27, 2026. This applies to both external and internal candidates.

Equal Opportunity Employer

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.

Similar jobs