Lowe's Companies, Inc.

Sr Manager, Information Security - Risk

Hybrid

Charlotte, United States

$239,800/year

Senior

Full Time

23-10-2025

Skills

Leadership Risk Management Monitoring Decision-making Sales Architecture Network Architecture Project Management

Job Specifications

Your Impact

We are seeking a Senior Manager – Risk to lead a team of professionals dedicated to identifying, monitoring, and mitigating information security risks across the enterprise. In this role, you will serve as a strategic advisor and escalation point for complex cybersecurity challenges, ensuring that Lowe’s risk posture remains resilient in a rapidly evolving threat landscape.

The ideal candidate brings broad expertise in risk management, information security, and compliance—paired with the ability to influence executives, mentor global teams, and drive the maturity of the enterprise security risk program. You will help embed risk-aware decision-making into business strategies, aligning security priorities with organizational goals.

What You Will Do

Serve as an escalation point for complex security issues, ensuring risks are effectively managed or elevated to senior leadership when necessary.
Lead and mentor global teams (U.S. and India), fostering a culture of accountability, collaboration, and professional development.
Oversee the identification, monitoring, and reporting of security risks, ensuring alignment with industry trends, regulatory requirements, and business objectives.
Drive cybersecurity engagement across the enterprise, embedding security best practices into strategic initiatives and technology deployments.
Provide expert guidance on security policies, standards, and procedures, ensuring compliance with regulatory and operational risk requirements.
Lead or contribute to risk assessments, coverage plans, and monitoring activities, delivering clear, actionable reporting to stakeholders.
Partner with technical teams to identify, resolve, and mitigate risk findings in a way that balances agility with protection.
Build and maintain dashboards and executive-level reports, delivering meaningful insights on security posture, compliance, and remediation efforts.
Ensure metrics are in place to measure risk, control effectiveness, and breach remediation, using results to evolve strategy and governance.
Guide the implementation of enterprise-wide security programs, ensuring strong governance, audit readiness, and operational excellence.
Communicate a clear vision and strategy for the function, ensuring alignment across cross-functional partners and stakeholders.
Operationalize a comprehensive risk framework, including risk methodology to assess both traditional and emerging risks (e.g., AI-infused systems), and build supporting processes within the GRC tool to ensure consistency, scalability, and governance.

Minimum Qualifications

Bachelor’s degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work/military experience)
8+ years of IT experience with broad exposure across planning, analysis, and application development
4+ years of experience with information security tools, concepts, and practices
3+ years of leadership experience managing projects or teams, with proven ability to provide technical direction, thought leadership, and mentorship
Familiarity with multi-platform environments and associated security considerations
Strong project management experience, including leading multiple concurrent initiatives
Advanced analytical and reporting skills, with the ability to reconcile data and provide insights to executives
Experience in developing and operationalizing risk frameworks, applying risk methodologies (including for emerging risks such as AI-infused systems), and leveraging GRC tools to build scalable processes.

Preferred Skills & Education

Master’s degree in Computer Science, CIS, Engineering, Business Administration, or Cybersecurity.
Professional certifications such as:
CISSP – Certified Information Systems Security Professional
CISM – Certified Information Security Manager
CISA – Certified Information Systems Auditor
CRISC – Certified in Risk and Information Systems Control
PCI ISA, CEH, OSCP, GPEN, or other relevant certifications
Experience in retail technology ecosystems, including PCI and SOX regulatory scope.
Experience conducting or leading PCI-DSS assessments.
Background in infrastructure (network, servers), network architecture, and security policies.
Proven experience leading global teams and transformation initiatives.

Where You’ll Be

Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
Lowe’s supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub
Most business meetings are planned around the Eastern time zone

About Lowe’s

Lowe’s Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe’s operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe’s s

About the Company

Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 20 million customers a week in the United States. Lowe's and its related businesses operate or service more than 2,200 home improvement and hardware stores and employ over 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing and helping to develop the next generation of skilled trade experts. For more information, visit Lowes.co...