We are Lenovo. We do what we say. We own what we do. We WOW our customers.
Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world's largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo's continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).
This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.
Make a Regional Impact in Privacy Cybersecurity
We're looking for a legally trained professional who thrives at the intersection of privacy, cybersecurity, and technology. In this role, you'll advise business and legal stakeholders across APshaping our compliance posture, guiding incident response, and helping design governance frameworks that keep our products and operations resilient. You'll collaborate daily with InfoSec, Product Security, IT, Risk, Legal Compliance, and business units to embed privacybydesign and strengthen cyber readiness.
You'll be the goto counsel for evolving AP regulationsfrom Singapore's PDPA and Cybersecurity Act to India's DPDPA and CERTIn directions, Australia's cybersecurity reforms, South Korea's Network Act, and moretranslating law into practical guidance for engineers and operators.
What You'll Do
Compliance, regulatory monitoring risk management
- Track developments in AP privacy and cybersecurity laws, with a focus on CII/NCII designation impacts, data localisation, and crossborder transfers; maintain our AP requirements database.
- Map cybersecurity legal obligations across AP and identify practice gaps; drive remediation plans.
- Support implementation of ISO27001 and NIST CSF aligned frameworks; help prepare for regulatory inquiries and audits.
Legal advisory on cybersecurity laws
- Interpret and apply key cybersecurity legislation and guidelines, including Singapore's Cybersecurity Act (CII, licensing), Malaysia's Cyber Security Act 2024, India's IT Act/CERTIn and DPDPA, and relevant sectoral rules.
- Advise stakeholders on licensing obligations for cybersecurity service providers; coordinate applications where needed.
- Develop training materials and deliver briefings on AP cybersecurity legal risks and best practices.
Privacy cybersecurity collaboration
- Partner with product and IT engineering to embed privacybydesign/bydefault; advise on data minimization, consent, retention, and access control.
- Review designs/architectures to identify privacy and cyber impacts early; document technical organizational measures protecting personal data.
Contractual vendor risk
- Draft, review and negotiate privacy and cybersecurity provisions (indemnities, data protection, breach notification, audits).
- Assess thirdparty vendor privacy/cyber risks; support procurement with DPAs, SCCs/BCRs where applicable.
Incident response crisis management
- Partner with security teams to investigate suspected or actual incidents.
- Lead breach assessment and regulatory reporting; draft communications to regulators, customers and affected individuals as required.
Data privacy program support
- Assist senior privacy counsels with privacy reviews, gap assessments, and managing data localisation risks across AP.
Required
What you'll bring
- JD or LLB with 8+ years in cybersecurityrelated legal roles (preferably tech or ITled organizations).
- Demonstrated ability to advise across AP markets with strong knowledge of major privacy/cyber laws (Australia, Japan, South Korea, India, Singapore, Malaysia, etc.) and frameworks (ISO27001, NIST CSF).
- Handson experience with incident response and regulatory engagement.
- Excellent communication and stakeholder management across technical and nontechnical teams.
- Fluency in English (written spoken); Mandarin is a plus; additional AP languages (Japanese/Korean) appreciated.
Preferred
- Certifications such as CIPP/E, CIPT, CIPM, CISSP (or equivalent).
- Familiarity with IT systems, data architecture, or enterprise data management tools.
- Experience in a multinational environment or global privacy program.
- Proficiency in one additional language (e.g., Mandarin, Japanese, Korean).
We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.
