Project Manager, Governance Risk Compliance

Ubicación: China Mainland

Estado/Provincia/Ciudad: Shanghai

Ciudad: Shanghai

Sectores Empresarial: Store Support Centre (SSC)

Description & Requirements

Who we are  

lululemon is a yoga-inspired technical apparel company up to big things. The practice and philosophy of yoga informs our overall purpose to elevate the world through the power of practice. We are proud to be a growing global company with locations all around the world, from Vancouver to Shanghai, and places in between. We owe our success to our innovative product, our emphasis on our stores, our commitment to our people, and the incredible connections we get to make in every community we are in. 

About this team 

Mission and value delivery focused cybersecurity team in China is to focus to enable business growth with lululemon security guardrails ensure and cyber protection in place with effectiveness and efficiency. Team is also responsible to ensure China specific cyber requirements fulfilled.  

A day in the life:  

The program manager of cybersecurity governance and compliance focus to enable business growth during rapid changing cybersecurity risk & data regulations in China. He / She leads cross board data transfer (CBDT) regulation compliant work from tech side to provide company-value-first compliant tactics and drives to delivery great result with respective teams. This role also works as interface during cybersecurity inspection from department of police in China. As GRC role, leading security awareness program in China provides her the great recognition from senior business leaders. All above has demonstrated her consistent strong performance and critical for business. This role takes extended to lead data protection in China. the role is to build the data flow map, plan for protection controls point in roadmap, and to be the security assessment point on data protection into each of fast pasting projects. His / her unique skillset is critical for data protection program from China market and connects cross the global. The new role also drives efficiency through automation for ‘Security-by-design’ program. The security checkpoints have been moved into design phase of the China projects, and 95% of the China projects have been tracked into unified security porta. This provides great value to business and tech team to ensure cyber risk transparency and being consistent into business objectives.

This role will work closely with the business/product partners, technology/business stakeholders, architecture, portfolio & core delivery teams, also including:
  • Build cybersecurity compliance roadmap and governance controls processes
  • Assess security control effectiveness to support business initiatives
  • Provide cross team cyber awareness and security simulation fulfillment
  • Provide security review and approval for new projects and initiatives
  • Unblocks the team and proactively problem solves as needed throughout the program lifecycle with guidance 
  • Effectively identifies and solves for potential risks, issues, and development strategies to prevent realization of risks while providing transparency to the applicable stakeholders 
  • Owns program related resource management and 3rd party vendor management. Point of Contact for Procurement, Security, Legal, Stakeholder Management (Sponsor, Leadership, Architects) 
  • Develops relationships and collaborates with internal and external stakeholders across regions (NA, EMEA, APAC, China) and cross functional teams to ensure solutions meet timeline and business objectives. 
  • Ensures all project/program tasks are clearly understood, assigned, and tracked. 

Qualifications: 
  • 5+ years of experience in information security or related technology experience required experience in the retail industry or professional consulting firm is a plus.
  • Proven track records to lead medium or large organization to continue compliant cybersecurity laws and regulations in China and for rest of the world
  • Good understand on enterprise risk management for Cybersecurity and have experience to lead program for cyber risk mitigation with cross function teams collaborations.
  • Thorough understanding of technology domain, stack, and skills. 
  • Proven experience in leading the strategic path and delivery of multiple portfolio management capabilities such as but not limited to, onboarding, recruiting, vendor management, capacity management, resource management, annual planning process, workforce management etc.  
  • Ability to operate with low degree of ambiguity, leveraging existing processes and tools with guidance
  • Passion for problem solving w/ an ability to excel in an ambiguous environment 
  • Demonstrated ability to function in a fast paced, multi-program environment with changing priorities 
  • Ability to anticipate potential problems and proactively troubleshoot to resolve issues 
  • Strong leadership skills, including the ability to influence and gain consensus in the absence of direct authority 
  • Proven results working with global and remote teams across different time zones 
Must haves: 
  • Great track record of leading medium to large organization to compliance with cyber regulations in China and Internation
  • Working knowledge of frameworks such as ITIL, NIST 800-53, ISO 27000 is required
  • Understanding of public cloud technologies, shared responsibility model for cloud, and experience implementing or assessing cloud security controls is required.
  • Acknowledges the presence of choice in every moment and takes personal responsibility for their life. 
  • Possesses an entrepreneurial spirit and continuously innovates to achieve great results.  
  • Communicates with honesty and kindness and creates the space for others to do the same.  
  • Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.  
  • Fosters connection by putting people first and building trusting relationships.