Sr Manager, Information Security - Risk

Your Impact
We are seeking a Senior Manager - Risk to lead a team of professionals dedicated to identifying, monitoring, and mitigating information security risks across the enterprise. In this role, you will serve as a strategic advisor and escalation point for complex cybersecurity challenges, ensuring that Lowe's risk posture remains resilient in a rapidly evolving threat landscape.
The ideal candidate brings broad expertise in risk management, information security, and compliance-paired with the ability to influence executives, mentor global teams, and drive the maturity of the enterprise security risk program. You will help embed risk-aware decision-making into business strategies, aligning security priorities with organizational goals.
What You Will Do

• Serve as an escalation point for complex security issues, ensuring risks are effectively managed or elevated to senior leadership when necessary.
• Lead and mentor global teams (U.S. and India), fostering a culture of accountability, collaboration, and professional development.
• Oversee the identification, monitoring, and reporting of security risks, ensuring alignment with industry trends, regulatory requirements, and business objectives.
• Drive cybersecurity engagement across the enterprise, embedding security best practices into strategic initiatives and technology deployments.
• Provide expert guidance on security policies, standards, and procedures, ensuring compliance with regulatory and operational risk requirements.
• Lead or contribute to risk assessments, coverage plans, and monitoring activities, delivering clear, actionable reporting to stakeholders.
• Partner with technical teams to identify, resolve, and mitigate risk findings in a way that balances agility with protection.
• Build and maintain dashboards and executive-level reports, delivering meaningful insights on security posture, compliance, and remediation efforts.
• Ensure metrics are in place to measure risk, control effectiveness, and breach remediation, using results to evolve strategy and governance.
• Guide the implementation of enterprise-wide security programs, ensuring strong governance, audit readiness, and operational excellence.
• Communicate a clear vision and strategy for the function, ensuring alignment across cross-functional partners and stakeholders.
• Operationalize a comprehensive risk framework, including risk methodology to assess both traditional and emerging risks (e.g., AI-infused systems), and build supporting processes within the GRC tool to ensure consistency, scalability, and governance.

Minimum Qualifications

• Bachelor's degree in Computer Science, CIS, Engineering, Business Administration, Cybersecurity, or related field (or equivalent work/military experience)
• 8+ years of IT experience with broad exposure across planning, analysis, and application development
• 4+ years of experience with information security tools, concepts, and practices
• 3+ years of leadership experience managing projects or teams, with proven ability to provide technical direction, thought leadership, and mentorship
• Familiarity with multi-platform environments and associated security considerations
• Strong project management experience, including leading multiple concurrent initiatives
• Advanced analytical and reporting skills, with the ability to reconcile data and provide insights to executives
• Experience in developing and operationalizing risk frameworks, applying risk methodologies (including for emerging risks such as AI-infused systems), and leveraging GRC tools to build scalable processes.

Preferred Skills & Education

• Master's degree in Computer Science, CIS, Engineering, Business Administration, or Cybersecurity.
• Professional certifications such as:
• CISSP - Certified Information Systems Security Professional
• CISM - Certified Information Security Manager
• CISA - Certified Information Systems Auditor
• CRISC - Certified in Risk and Information Systems Control
• PCI ISA, CEH, OSCP, GPEN, or other relevant certifications
• Experience in retail technology ecosystems, including PCI and SOX regulatory scope.
• Experience conducting or leading PCI-DSS assessments.
• Background in infrastructure (network, servers), network architecture, and security policies.
• Proven experience leading global teams and transformation initiatives.

Where You'll Be

• Associates are required to relocate to the Charlotte region to foster collaboration and facilitate improved testing and support.
• Lowe's supports a Flex Office concept where in-person work is required two days per week at the Charlotte Tech Hub
• Most business meetings are planned around the Eastern time zone

About Lowe's
Lowe's Companies, Inc. (NYSE: LOW) is a FORTUNE® 50 home improvement company serving approximately 16 million customer transactions a week in the United States. With total fiscal year 2024 sales of more than $83 billion, Lowe's operates over 1,700 home improvement stores and employs approximately 300,000 associates. Based in Mooresville, N.C., Lowe's supports the communities it serves through programs focused on creating safe, affordable housing, improving community spaces, helping to develop the next generation of skilled trade experts, and providing disaster relief to communities in need. For more information, visit www.lowes.com
Lowe's is an equal opportunity employer and administers all personnel practices without regard to race, color, religious creed, sex, gender, age, ancestry, national origin, mental or physical disability or medical condition, sexual orientation, gender identity or expression, marital status, military or veteran status, genetic information, or any other category protected under federal, state, or local law.