lululemon

Job Summary
Responsible for the execution of the Information Security Architecture, including design, plan and review cybersecurity capabilities to provide best balance in business vale and cyber protection. It is also including planning, implementing, and validating security systems; defining security standards, policies, and procedures; collaborative support to cross teams in the development and assessment of security requirements; mentoring team members. Performs all duties in accordance with the Company’s policies and procedures, China cybersecurity and data laws and regulations, wherein the Company operates. Key purpose of this role is to maintain cybersecurity strategy, roadmap, risk prioritization covering digital and technology landscape to support China business objectives and growth

Responsibilities

• Define China cybersecurity roadmap and plans to enable business growth and objectives.
• Work closely with company stakeholders to ensure cybersecurity service addresses business needs
• Manage security requirements roadmap and backlog with priority by evaluating business strategies and performing regular threat analysis to keep up-to-date on the security landscape, including data security, cloud security, application security and DevSecOps
• Provide guidance and support to engineering teams during the design, build, implementation and support procedures for enterprise-class security systems.
• Oversee the design and execution of security architecture elements to mitigate threats as they emerge.
• Create solutions that balance business requirements with information and cybersecurity requirements
• Assist as necessary and respond immediately to security-related incidents and provide thorough remedial solutions and analysis.
• Prepares cybersecurity reports and metrics by collecting, analyzing, and summarizing data and trends.
• Treats people with respect; keeps commitments; inspires the trust of others; works ethically and with integrity; upholds organizational values; accepts responsibility for own actions.

Key Decisions

• Cybersecurity strategy and roadmap
• Cybersecurity China capabilities matrix and priorities
• Business cyber risk landscape
• Issue and Risk backlog and prioritization
• Tech project review and approval
• Reports and metrics reflect on cyber priorities

Qualifications

• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
• Minimum 10 years of experience in information security or related technology experience required experience in the retail industry or professional consulting firm is a plus.
• Working knowledge of frameworks such as ITIL, NIST 800-53, ISO 27000 is required.
• Good understanding on cybersecurity laws and regulations
• Certification in one or more of the following is a plus: CISSP, CISA, CISM, CCSK, CCSP, GCP Security, Azure Security Engineer, or similar.
• Understanding of public cloud technologies, shared responsibility model for cloud, and experience implementing or assessing cloud security controls is required.