Program Manager - Cyber Security, 3rd Party Risk Management

Program Manager - Cyber Security, Third Party Risk Management

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in.

As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

The Governance, Risk, and Compliance (GRC) team are trusted cybersecurity experts and strategic advisors, driving risk mitigation, regulatory compliance, and operational resilience across the organization. We collaborate closely with key business functions including Brand, Product, IT, and Finance to foster open dialogue, unlock creativity, and implement innovative, forward-thinking solutions that strengthen our compliance posture and enhance operational resilience.

• Support a culture of risk management, stakeholder risk awareness with measurable risk reduction through effective governance and data‑driven reporting.
• Develop & mature a Third Party Risk Management assessment lifecycle, policies, standards and procedures.
• Establish & maintain a Technology Risk Management methodology aligned with industry frameworks such as NIST RMF (SP800‑37), CIS v8.1, CSA CCM/STAR, and ISO 31000:2018
• Lead strategic, cross‑functional initiatives to strengthen Third Party Management program goals & capabilities
• Measure, Manage & Mature the program, track progress, drive improvements, develop and report KPIs, KRAs, process metrics, Vendor Risk profiles and management dashboards.
• Lead & execute deep‑dives risk assessments of Tier0 & 1 vendors, analyze complex risk issues, manage Vendor Incident Investigations and deliver clear, actionable reporting to Executive stakeholders.
• Drive automation and AI adoption in GRC workflows to streamline risk lifecycle management, monitoring, remediating and reporting risks.
• Identify needs, develop and implement technology‑related continuous improvement initiatives for the department.

• 5+ years of experience in Technology Risk, Third Party Risk, Cybersecurity, or GRC.
• Bachelor’s degree with proficiency in Management Information Systems, Technology Management or Cybersecurity.
• Strong program management and analytical skills; ability to translate complex data into insights.
• Professional certification such as CISM, CRISC, CISSP or PMP are a plus.
• Knowledge/experience with data security and privacy regulations (e.g. NIST CSF, ISO 27001, PCI DSS, GDPR).
• Effective communication and relationship‑building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and solve complex problems.

• Acknowledge the presence of choice in every moment and take personal responsibility for your life.
• Possess an entrepreneurial spirit and continuously innovate to achieve great results.
• Communicate with honesty and kindness and create the space for others to do the same.
• Lead with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Foster connection by putting people first and building trusting relationships.
• Integrate fun and joy as a way of being and working, aka doesn’t take yourself too seriously.

Authorization to work in the US is required for this role.

lululemon’s compensation offerings are grounded in a pay‑for‑performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from $136,200-$178,700
annually ; the base pay offered is based on market location and may vary depending on job‑related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual…