Description & Requirements

Who we are

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

About This Team

The lululemon Cybersecurity team enables lululemon to conduct its global operations in a secure manner and safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through cybersecurity and compliance risk, and by maintaining a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for a Program Manager – Cybersecurity Risk, to support our Cybersecurity Technology Risk team.

A Day In The Life

The Technology Risk Management team are cybersecurity experts, problem solvers, insight and solution generators, and trusted risk & compliance advisors to the business. We leverage our risk, information security and control expertise to support risk management, IT Security, Regulatory Compliance and to drive continuous process improvements and cost savings. We also partner with various parts of the business (Brand, Product, Technology, and Finance, to name a few) and engage in open dialogue to tap into the creativity of our people and action innovative security solutions.

The Program Manager – Cybersecurity risk has the following key responsibilities:

• Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
• Develop a Technology Risk Management assessment lifecycle, establish new policy, review / update existing risk management policy, standards and procedures.
• Establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks and PCI, SOX standards.
• Optimize program capabilities in planning, organize, and integrate cross-functional information technology projects that are significant in scope and impact to the Technology Risk Management team goals.
• Measure, Manage & Mature the program, track progress, drive improvements, develop and report KPIs, KRIs, process metrics and management dashboards.
• Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic analysis and plans for implementing Technology Risk program management process.
• Participate in performing Technology Risk Assessments of all new projects, technology implementations, new & existing vendor onboarding assessments.
• Determine information security risk profiles for various systems, assets, data, vendors etc., using knowledge of lululemon policy, frameworks, standards and relevant industry best practices.
• Ability to conduct risk assessments, review architecture diagrams, data-flow maps, characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation.
• Collaborate in stakeholder management, risk articulation, communication, risk reviews, driving risk acceptance and risk treatment activities.
• Execute automation in applying GRC workflows, tracking risk life cycle, engaging, monitoring, remediating and reporting risks.
• Identifies needs, develops and implements technology-related continuous improvement initiatives for the department.

Qualifications

• 5+ years Technology Risk Management experience or a combination of IT-GRC and information security experience
• Bachelor’s degree with proficiency in Management Information Systems, Technology Management or Cybersecurity
• Expertise in technical program management, particularly in areas of security, and/or technology risk management
• Demonstrated ability to analyze information and assimilate into consumable management reporting
• Professional certification such as CISM, CRISC, CISSP, CCSP or PMP is a plus
• Knowledge/experience with data security and privacy regulations (e.g., NIST CSF, ISO 27001, PCI DSS, GDPR).
• Hands-on working experience of ServiceNow IRM / GRC modules
• Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve.
• Thorough understanding of technology domain, stack, and skills and passion for problem solving w/ an ability to excel in an ambiguous environment
• Ability to operate with low degree of ambiguity, leveraging existing processes and tools with guidance from Technology Manager
• Demonstrated ability to function in a fast paced, multi-program environment with changing priorities
• Strong leadership skills, including the ability to influence and gain consensus in the absence of direct authority
• Proven results working with global and remote teams across different time zones

Must Haves

• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.

Compensation And Benefits Package

lululemon’s compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from $136,200 - 170,200 annually; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program, subject to program eligibility requirements.

At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:

• Extended health and dental benefits, and mental health plans
• Paid time off
• Savings and retirement plan matching
• Generous employee discount
• Fitness & yoga classes
• Parenthood top-up
• Extensive catalog of development course offerings
• People networks, mentorship programs, and leadership series (to name a few)

Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.

Workplace Arrangement

This role is classified as HYBRID under our SSC Workplace Policy:

Hybrid: In-person collaboration is important, and much of the role can be performed remotely. Work is performed onsite at least 3 days per week.