AP Privacy Operations Specialist

We are Lenovo. We do what we say. We own what we do. We WOW our customers.

Lenovo is a US$69 billion revenue global technology powerhouse, ranked #196 in the Fortune Global 500, and serving millions of customers every day in 180 markets. Focused on a bold vision to deliver Smarter Technology for All, Lenovo has built on its success as the world's largest PC company with a full-stack portfolio of AI-enabled, AI-ready, and AI-optimized devices (PCs, workstations, smartphones, tablets), infrastructure (server, storage, edge, high performance computing and software defined infrastructure), software, solutions, and services. Lenovo's continued investment in world-changing innovation is building a more equitable, trustworthy, and smarter future for everyone, everywhere. Lenovo is listed on the Hong Kong stock exchange under Lenovo Group Limited (HKSE: 992) (ADR: LNVGY).

This transformation together with Lenovo's world-changing innovation is building a more inclusive, trustworthy, and smarter future for everyone, everywhere. To find out more visit www.lenovo.com, and read about the latest news via our StoryHub.

The Privacy Operations Specialist will play a critical role in operationalizing the company's global privacy framework through proactive privacy risk management, privacy-by-design integration, and data governance excellence. This role will focus on conducting privacy risk assessments, ensuring compliance with global cross-border data transfer requirements, and supporting enterprise data governance initiatives through accurate data mapping and transfer impact assessments.

Working closely with product development and IT teams across Asia, and collaborating with senior privacy counsels globally, this specialist will help ensure that privacy standards are consistently applied across business processes, products, and technologies, maintaining the company's commitment to responsible data handling and global compliance.

Key Responsibilities

• Privacy Risk Assessment and Review
• Conduct privacy risk assessments and Data Protection Impact Assessments (DPIAs) for new and existing products, platforms, and IT systems.
• Evaluate data flows, system designs, and vendor engagements to identify and mitigate privacy risks.
• Track remediation actions and maintain records to demonstrate accountability and compliance.
• Continuously enhance templates, guidance, and processes for privacy assessments.
• Privacy by Design Coordination
• Collaborate with product and IT engineering teams across Asia to embed privacy by design and by default principles in product development and IT lifecycle management.
• Provide practical guidance on data minimization, consent, retention, and access control.
• Participate in design and architecture reviews to identify potential privacy impacts early.
• Cross-Border Data Transfer Compliance
• Support the assessment and documentation of cross-border data transfers to ensure compliance with global data protection requirements (e.g., GDPR, LGPD China PIPL).
• Work with IT, legal, and business teams to map international data flows and implement appropriate safeguards.
• Assist in maintaining global records of transfer mechanisms and update them in response to evolving regulations.
• Cookie Compliance Management
• Review and approve cookie consent banners, privacy notices, and preference centers to ensure regulatory compliance and user transparency.
• Partner with IT, digital marketing, and web development teams to ensure compliant deployment and maintenance of cookies on websites and apps.
• Support the Privacy Operations team in responding to Data Subject Access Requests (DSARs) related to cookies and online identifiers.
• Global Privacy Program Support
• Assist senior privacy counsels in implementing global privacy standards, frameworks, and operational processes.
• Ensure regional practices align with the global privacy program and support harmonized execution.
• Contribute to global projects, audits, and metrics reporting to drive continuous improvement.
• Stakeholder Collaboration and Enablement
• Act as a key liaison between Legal, IT, Product, and Security teams to operationalize privacy controls.
• Deliver privacy training and awareness programs for product, engineering, and business teams.
• Support internal reporting on privacy risk trends, assessment outcomes, and mitigation efforts.
  
  

Qualifications

Required:

• Bachelor's degree in Law or Computer Science, or a related field.
• Minimum 2-5 years of experience in privacy operations, data protection, or compliance, preferably in a technology or IT-driven organization.
• Demonstrated experience in conducting privacy impact assessments (PIAs/DPIAs) and advising on privacy by design.
• Working knowledge of cross-border data transfer frameworks (e.g., SCCs, BCRs, CBPR, PIPL requirements).
• Experience supporting data governance activities such as data mapping and record of processing maintenance.
• Strong understanding of major global privacy laws (GDPR, CCPA/CPRA, and key Asian data protection laws).
• Excellent communication and collaboration skills across technical and non-technical teams.
  
  

Preferred

• Professional privacy certification such as CIPP/E, CIPP/A, CIPM, or equivalent.
• Familiarity with IT systems, data architecture, or enterprise data management tools.
• Experience working within a multinational organization or global privacy program.
• Fluent Mandarin is a plus.
  
  

Key Competencies

• Analytical and detail-oriented with strong risk evaluation and documentation skills.
• Technically conversant and comfortable engaging with IT and engineering teams.
• Strong knowledge of international data transfer and governance requirements.
• Excellent cross-cultural communication and stakeholder management abilities.
• Organized, proactive, and capable of managing multiple concurrent assessments.
• Committed to promoting privacy accountability, transparency, and ethical data use.
  
  

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, national origin, status as a veteran, and basis of disability or any federal, state, or local protected class.