Sr. Manager, Cyber Resilience Act Compliance
Position Summary
The Senior Manager, CRA Compliance Program serves as the enterprise execution lead for the EU Cyber Resilience Act (CRA) compliance program across in-scope products, services, and supporting systems.
Key Responsibilities
Compliance Portfolio Leadership
Program Execution
EU Cyber Resilience Act is a priority regulatory program with defined delivery timelines and regulatory obligations that must be met across the portfolio.
Lead execution of a portfolio of security compliance and certification initiatives, ensuring delivery against regulatory, certification, and customer requirements.
Accountable for execution delivery across the compliance portfolio.
Regulatory interpretation and final compliance positions are owned by designated central GRC, Legal, or Security leadership.
Define execution strategies, operating models, and delivery plans for supported compliance programs.
Maintain oversight of scope, timelines, dependencies, and milestones across the portfolio.
Maintain end-to-end traceability between regulatory requirements, implemented controls, and supporting evidence across all supported programs.
Resolve execution conflicts, manage dependencies, and drive alignment across stakeholders.
People Leadership
Organizational Management
Directly manage and develop subordinate contributors.
Ensure clear accountability for compliance deliverables, deadlines, and evidence quality across team members.
Set priorities, allocate workload, and ensure clarity of roles and accountability across the team.
Coach team members on regulatory interpretation, documentation quality, audit readiness, and stakeholder engagement.
Documentation, Evidence Quality Oversight
Ensure development and maintenance of high-quality compliance documentation, technical descriptions, policies, procedures, and evidence repositories.
Define and enforce standards for documentation quality, traceability, and audit defensibility.
Establish governance expectations for systems of record supporting compliance tracking and evidence management.
Ensure supporting documentation is maintained in the system of record.
Establish quality standards for documentation and evidence used in audits, certifications, and regulatory reviews.
Review and approve key artifacts prior to external submission or assessment activities.
Risk, Issue Escalation Management
Oversee identification, assessment, and tracking of compliance risks, gaps, and remediation activities across the portfolio.
Has authority to escalate non-compliance and enforce remediation timelines through executive governance channels.
Escalate material risks, blockers, or delivery concerns to leadership with impact analysis and recommendations.
Ensure remediation activities are prioritized and validated.
Audit, Certification Regulatory Engagement Support
Provide leadership for audit, certification, and regulatory readiness activities.
Oversee preparation and coordination of responses to assessments, findings, and regulatory inquiries.
Ensure the organization maintains a continuously audit-ready posture.
Reporting Executive Communication
Provide regular status and readiness reporting to leadership.
Prepare executive-level briefings, summaries, and decision materials.
Communicate clearly and consistently to enable timely decisions and alignment.
Required Skills
Senior-level experience in cybersecurity compliance, assurance, or certification programs.
Proven ability to lead multi-initiative compliance portfolios.
Strong execution and program leadership skills applied to regulatory and certification-driven environments.
Demonstrated people-management and team-development experience.
Strong judgment, prioritization, and escalation capabilities.
Excellent written and verbal communication skills.
Qualifications
Bachelor’s degree in cybersecurity, information systems, engineering, law, or a related field required.
12+ years of experience in cybersecurity, compliance, risk, product security, assurance, or related disciplines.
Demonstrated experience leading audits, certifications, or regulatory compliance initiatives.
Experience with EU CRA regulations and compliance strongly preferred.
Professional certifications such as CISSP, CISM, CISA, PMP, or ISO/IEC 27001 Lead Implementer strongly preferred.
Availability
Travel Availability to support audit, certification, or regulatory activities during business hours, with occasional off-hours engagement.
Occasional travel may be required for audits, assessments, or executive stakeholder engagements.
Pay
The base salary budgeted range for this position is $160k - 190K.
Benefits
Lenovo’s various benefits can be found on www.lenovobenefits.com.
Application Deadline
The expected application deadline for this position is August 27, 2026. This applies to both external and internal candidates.
Equal Opportunity Employer
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.