Area: China Mainland
Stato/Provincia/Città: Shanghai
Città: Shanghai
Unità Affari: Store Support Centre (SSC)
Program Manager, Incident Response
Descrizione e requisiti
Who we are
lululemon is a yoga-inspired technical apparel company up to big things. The practice and philosophy of yoga informs our overall purpose to elevate the world through the power of practice. We are proud to be a growing global company with locations all around the world, from Vancouver to Shanghai, and places in between. We owe our success to our innovative product, our emphasis on our stores, our commitment to our people, and the incredible connections we get to make in every community we are in.
About this team
Mission and value delivery focused cybersecurity team in China is to focus to enable business growth with lululemon security guardrails ensure and cyber protection in place with effectiveness and efficiency. Team is also responsible to ensure China specific cyber requirements fulfilled.
A day in the life:
Incident response program manager leads to manage all aspects of cybersecurity incident response from initiation to conclusion. Assess the nature of the incident and determines what resources are needed to resolve the situation and restore service. Being an incident response program manager also coordinates all efforts to contain and resolve the incident, leads communications and conference calls with teams, stakeholders, vendors and others to provide incident resolutions. The role also coordinate and direct response status and result. Also the role should inform, assign, escalate and demand external support during incident cycle to ensure effective containment and root analysis.
• Managing a team of Incident responders and Threat Hunters• Defining and maintaining Information Security Incident Management Process and build procedure documents for incidents handling
• Performing forensics investigation based on logs and other data. Validate containment and remediation measures, Perform Root Cause Analysis (RCA) as vital efficiently.
• Managing, maintaining and improving Incident Response capabilities to detect, proactively hunt for and respond to sophisticated cyberattacks
• Coordinating, monitoring, and supporting general activities related to cases, investigations and risk mitigation and analysis
• Coordinating, communicating, sharing information, and working closely with various business units and teams within the company
• Periodically conducting tabletop exercises to test the readiness of IR function
• Working closely with Cybersecurity Engineering team on new monitoring rules implementation, playbooks, and other manual tasks' automation proficiently.
• Researching emerging threats to gain insight and understanding of the evolving threat landscape and its to the company.
• Ensuring continuous improvement of the Cybersecurity posture
• Owns program related resource management and 3rd party vendor management. Point of Contact for Procurement, Security, Legal, Stakeholder Management (Sponsor, Leadership, Architects)
• Develops relationships and collaborates with internal and external stakeholders across regions (NA, EMEA, APAC, China) and cross functional teams to ensure solutions meet timeline and business objectives.
• Ensures all project/program tasks are clearly understood, assigned, and tracked.
Qualifications:
• 5+ years of experience in information security or related technology experience required, experience in the retail industry or professional consulting firm is a plus.
• Strong experience on leading cybersecurity incident in communication, root cause analysis, containments, and improvements across functional teams in medium or large organization
• Strong experience on building incident communication SOP and able to run table top exercise.
• Strong in English / Chinese verbal and written skill with clear cybersecurity indicators to reflect the status of incident.
• Able to lead and operation in stress situation during incident and able to respect the fact.
• Understanding of public cloud technologies, shared responsibility model for cloud, and experience implementing or assessing cloud security controls is required.
• Ability to operate with low degree of ambiguity, leveraging existing processes and tools with guidance
• Proven experience managing budget of >=$1M capex annually or size of initiative along with experience in forecasting.
• Demonstrated ability to function in a fast paced, multi-program environment with changing priorities
• Ability to anticipate potential problems and proactively troubleshoot to resolve issues
• Strong leadership skills, including the ability to influence and gain consensus in the absence of direct authority
• Proven results working with global and remote teams across different time zones
Must haves:
• Bachelor's degree in computer science or a related discipline, or equivalent work experience required, advanced degree preferred.
• Certification in one or more of the following is a plus: CISSP, CISA, CISM, CCSK, CCSP, GCP Security Engineer, Azure Security Engineer, or similar.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.
Solo i candidati selezionati verranno contattati. Ti ringraziamo sentitamente per il tuo interesse. lululemon è un’azienda che rispetta le pari opportunità di impiego. I nostri collaboratori vengono selezionati in base al merito e alle esigenze aziendali, e non in base a etnia, colore della pelle, età, sesso, genere, orientamento sessuale, origine nazionale, religione, stato civile, stato di salute, disabilità fisica o mentale, servizio militare, stato di gravidanza, nascita di figli e condizioni mediche correlate, né ad altre categorie protette da leggi od ordinanze federali, di stato, provinciali e locali. Su richiesta, è possibile trovare soluzioni adeguate alle esigenze particolari di soggetti qualificati con disabilità. La politica sulle Pari opportunità di impiego si applica a tutte le prassi relative a reclutamento e assunzione, retribuzione, benefit, disciplina, trasferimenti e licenziamento, e a tutti gli altri termini e condizioni di impiego. È compito della dirigenza assicurarsi che le politiche sulle pari opportunità di lululemon vengano rispettate. Ciascun dipendente viene comunque chiamato ad agire nel rispetto delle stesse.
lululemon is committed to providing reasonable accommodation to applicants with disabilities. If you would like someone from our team to contact you for individualized support, email us ataccommodations@lululemon.com. In your email, please include the position title, the location of the position and the nature of your request.