Promoting security awareness and development.

Lululemon is looking for an information security risk manager who will straddle the worlds of cutting-edge information technology and a business that is at the forefront of innovative, explosive growth. The information security team at lululemon is a business enabler that understands the technical risks of the overall environment, translates them into tangible business risk, and arrives at a happy medium that allows the company to propel forward whilst remaining secure.

What a typical day in the life of an information security risk manager looks like:
  • develop, promulgate and document the enterprise information security risk management program through an effective internal IT control framework that can demonstrate proper design and operation of the controls.

  • provide risk advisory on all matters concerning information security, compliance and privacy.

  • lead information security threat & risk assessments for multiple highly complex projects.

  • enhance security risk assessment templates, and develop new ones as required.

  • work with the IT compliance officer to review and assess compliance risk.

  • respond to audit requests and track findings, bringing resolution to all findings.

  • maintain and update the information security risk registry.

  • drive the operational and development teams towards prioritization and remediation of security vulnerabilities.

  • review contracts with third-party vendors for adequacy of coverage of security and compliance requirements.

  • work with the development and QA teams to ensure that security testing objectives are met.

  • drive the organization towards a constant state of compliance through the scheduling of ad-hoc penetration tests and vulnerability assessments.

  • actively monitor the global security threat and compliance risk landscape, and proactively take risk mitigation actions.

  • provide advisory on business continuity and disaster recovery strategies.

  • oversee the SSDLC and ensure that security risk and compliance objectives are addressed.

  • lead or actively participate in the corporate security awareness program.

  • participate in the change advisory board.

  • provide and present reports on information security risk metrics to senior management.

Here is the experience and knowledge that we would like you to bring with you:
  • prior experience with risk assessment methodologies such as OCTAVE, IRAM, Citicus, Harmonized TRA, etc.

  • vastly experienced in conducting security threat & risk assessments.

  • familiarity or experience with Governance, Risk & Compliance (GRC) tools.

  • experience in conducting privacy impact assessments is a nice-to-have.

  • solid understanding of information security concepts and architectural principles.

  • have a strong background in at least one major discipline of security, such as network, application or database security, and have a good understanding of secure data management.

  • working knowledge of web and mobile application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities.

  • experience working in an eCommerce environment, with exposure to mobile application platforms.

  • very good understanding of networking and operating system concepts and technologies.

  • prior experience working in a highly regulated environment would be an asset.

  • experience and ability to maintain security in a fast-paced development environment that is driven by the agile methodology.

  • at least 2-3 years of experience in a similar role, and 3+ years of experience in one or more of the following roles: risk analyst, system architect, information security officer.

The Finer Print:
  • you have a strong understanding of risk, particularly business risk, in your DNA and bring that to the fore in all your work.

  • the captivating speaker that you are, you have audiences riveted whenever you present.

  • you are an adept multi-tasker who can juggle multiple projects and tasks simultaneously, and prioritize them accordingly.

  • detail oriented to a fault, you do not let an issue rest until you have gotten to the core of the matter.

  • you thrive in extremely fast-paced environments, and revel in the opportunity to be constantly exposed to cutting-edge technology.

  • the master communicator that you are, you are equally at ease explaining security vulnerabilities to developers and QA, as you are explaining business risk to senior management.

  • ever the charmer, you can drive teams towards security and compliance goals with a smile.

  • you are a compulsive documenter, who loves whipping up architectural design and procedural documents.

  • you bring with you a clutch of relevant certifications that stamp your training and knowledge in the area.

If you are interested in this opportunity, please reach out to:

Lara Janze, Talent Scout at lululemon

This entry was posted in Community and Industry, tagged Security, on May 28, 2017.