The Technology Security and Compliance team are cybersecurity experts, problem solvers, insight and solution generators, and trusted compliance advisors to the business. We leverage our risk, information security and control expertise to support risk management, IT Security, Regulatory Compliance and to drive continuous process improvements and cost savings. We also partner with various parts of the business (Brand, Product, IT, and Finance, to name a few) and engage in open dialogue to tap into the creativity of our people and action innovative solutions.
A day in the life:
Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
Establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks.
Participate in performing IT Risk Assessments of all new projects and technology implementations.
Determine information security risk profiles for various systems, assets, data etc., using knowledge of lululemon policy, frameworks, standards and relevant industry best practices.
Develops, updates, establish new policy and review existing risk management policy & standards.
Ability to characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation.
Support and conduct context eshtablishment, risk identification, risk analysis, evaluation, treatment, documentation, communication as well as periodic monitoring / risk re-reviews.
Measure, Manage & Mature the program, track progress, drive improvemets, develop and report KPIs, KRIs, process metrics and management dashboards.
Maintain organization's effectiveness and efficiency by defining, delivering, and supporting strategic analysis and plans for implementing Technology Risk program management process.
Escalate security risk exceptions, threats, vulnerabilities, quality, performance, gaps, change control and delivery issues as required..
Ability to lead stakeholder management, risk communication, risk reviews, driving risk acceptance and risk treatment activities
Execute automation in applying GRC work flows, tracking risk life-cycle, engaging stakeholders, monitoring and reporting risks
Collaborates with other members of the Policy, Technology Security & Risk Assessment team on complex matters.
Identifies needs, develops and implements technology-related continuous improvement initiatives for the department.
We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to
HR@insightglobal.com. The EEOC "Know Your Rights" Poster is available
here.
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:
https://insightglobal.com/workforce-privacy-policy/ .
Bachelors degree (preferably Management Information Systems). At least one of the following professional certifications: CISSP, CISA, CRISC, or ISO27001 LA
Minimum 8 - 10 years Technology risk management experience or a combination of IT-GRC and information security experience
Knowledge/experience with data security and privacy regulations (e.g. NIST CSF, ISO 27001, PCI DSS, GDPR).
Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.