Program Manager – Cyber Security, Third Party Risk Management

September 5, 2025

Job Description

About lululemon

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. We focus on technical fabrics and functional design to create products that support movement, growth, connection, and well-being. Our success is driven by our innovative products, store presence, commitment to our people, and community engagement. We aim to foster an equitable, inclusive, and growth-oriented environment for our team.

Team and Role Overview

The Governance, Risk, and Compliance (GRC) team are trusted cybersecurity experts and strategic advisors, focusing on risk mitigation, regulatory compliance, and operational resilience. They collaborate with departments like Brand, Product, IT, and Finance to develop innovative solutions that enhance compliance and resilience.

Key Responsibilities

  • Support a risk-aware culture with measurable risk reduction through governance and data-driven reporting.
  • Develop and mature a Third Party Risk Management assessment lifecycle, policies, standards, and procedures.
  • Establish and maintain a Technology Risk Management methodology aligned with industry frameworks such as NIST RMF, CIS v8.1, CSA CCM/STAR, and ISO 31000:2018.
  • Lead initiatives to strengthen Third Party Management program goals and capabilities.
  • Track, report, and improve KPIs, KRAs, process metrics, Vendor Risk profiles, and dashboards.
  • Conduct deep-dive risk assessments of Tier 0 & 1 vendors and analyze complex issues.
  • Manage Vendor Incident Investigations and report findings to executives.
  • Drive automation and AI adoption in GRC workflows for streamlined risk management.
  • Collaborate on stakeholder management, risk communication, reviews, and risk treatment activities.
  • Identify needs and implement continuous improvement initiatives for technology.

Qualifications

  • 5+ years in Technology Risk, Third Party Risk, Cybersecurity, or GRC.
  • Bachelor’s degree in Management Information Systems, Technology Management, or Cybersecurity.
  • Strong program management and analytical skills; ability to interpret complex data.
  • Certifications like CISM, CRISC, CISSP, or PMP are a plus.
  • Knowledge of data security and privacy regulations (e.g., NIST, ISO 27001, PCI DSS, GDPR).
  • Effective communication, relationship-building, curiosity, and problem-solving skills.

Must Haves

  • Personal responsibility and acknowledgment of choices.
  • Entrepreneurial spirit and innovation.
  • Honest and kind communication fostering a safe environment.
  • Courageous leadership, embracing greatness over fear.
  • People-first mindset and trust-building.
  • Fun, joy, and a light-hearted approach to work.

Additional Notes

Authorization to work in Canada is required.

Compensation & Benefits

The typical salary range is $123,500-$162,100 annually, based on market, experience, and internal factors. Benefits include health, dental, mental health, bonus programs, discounts, fitness classes, parental support, development courses, mentorship, and leadership programs. Benefits are subject to eligibility and company policy changes.

Workplace Arrangement

Hybrid model with minimum 4 days onsite per week to foster collaboration and culture.

Job Details

  • Level: Mid-Senior
  • Type: Full-time
  • Function: Project Management & IT
  • Industry: Retail

Company

lululemon

Location

Vancouver

Country

Canada

Salary

100.000

URL

https://en-ca.whatjobs.com/coopob__cpl___291_2635275__3337?utm_source=3337&utm_medium=feed&keyword=Program-Manager&location=Vancouver&geoID=6399