First: Your interpretation is right, Managing a list of identified risks means making sure they don’t become impediments (or otherwise nasty problems that prevent the project from succeeding). In a pure (software) product development company, managing risks could and ideally would be the concern of the product owner. In an environment where the product owner is not used to doing projects a project manager should fulfill this role. Not that the perfect product owner is almost like a super hero: guarding vision, ROI, managing risks, perfectly knows his / her business both internally and externally etc. etc. So in practice it makes perfect sense to have a project manager on board in both environments to help out with managing things like the list of identified risks.

I am not exactly sure what you mean by managing the list. I interpret it has: Take actions to make sure the possibility of such a risk becoming an impediment (or problem) is minimal. If this is the case shouldn’t this be the product owner’s responsibility? Or is the Project Manager in your example the Product Owner?