Tech Program Manager IV

lululemon is a global innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in sweating, growing, connecting, and being well. About this team: The Cybersecurity GRC team are cybersecurity experts, problem solvers, insight and solution generators, and trusted compliance advisors to the business. We leverage our risk, information security and control expertise to support risk management, Cybersecurity, Regulatory Compliance and to drive continuous process improvements and cost savings. We also partner with various parts of the business (Brand, Product, Technology, and Finance, to name a few) and engage in open dialogue to tap into the creativity of our people and action innovative solutions. A day in the life: Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities. Develop a Third Party Risk Management assessment lifecycle, establish new policy, review / update existing risk management policy, standards and procedures. Establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks. Optimize program capabilities in planning, organise, and integrate cross-functional information technology projects that are significant in scope and impact to the Technology Risk and Third Party Management team goals. Measure, Manage & Mature the program, track progress, drive improvemets, develop and report KPIs, KRIs, process metrics and management dashboards. Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic analysis and plans for implementing Technology Risk and Third Party program management process. Participate in performing Technology Risk Assessments of all new projects, technology implementations, new & existing vendor onboarding assessments Determine information security risk profiles for various systems, assets, data, vendors etc., using knowledge of lululemon policy, frameworks, standards and relevant industry best practices. Ability to conduct risk assessments, characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation. Collaborate in stakeholder management, risk articulation, communication, risk reviews, driving risk acceptance and risk treatment activities Execute automation in applying GRC work flows, tracking risk life-cycle, engaging, monitoring, remediating and reporting risks Identifies needs, develops and implements technology-related continuous improvement initiatives for the department.

lululemon is a global innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative products, commitment to our people, and the incredible connections we make in every community we're in. As we continue to elevate our shopping experience, our India Tech Hub plays a key role in expanding our technology capabilities in Product Systems, Merchandising and Planning, Digital Presence, distribution and logistics, and corporate systems. Our team in India works as an extension of the global team on projects of strategic importance.