Director, Legal (Privacy)

Region: United States of America

State: Washington

City: Seattle

Business Unit: Store Support Centre (SSC)

Time Type: Full-time

Description & Requirements

Who We Are

At lululemon, we work together to elevate the world. We set audacious goals, nurture big growth and engineer innovative products that allow people to feel—and perform—their best. To us, leadership is more than a role or title—it’s a way of being. We are all leaders, committed to growth and results.

Together, we’re co-creating a future that otherwise wouldn’t exist. To do that, we’re looking for people who unite diverse perspectives to lean into bold visions. Who strive to be better than they were yesterday. Who are all in, in everything they do. 

We’re looking for you. Join us.

About This Team

We are self-described “legal outliers." Our vision is to inspire and educate, provide value from beginning to end and create an environment where work enriches life, and life enriches work. We believe in “the sweat life" - sweat, relationships and personal development - and we live it every day. Specifically for the Privacy Team: At lululemon, we recognize that a key to our business is building and maintaining the trust of our guests, partners, and employees.

We’re looking for an experienced attorney to lead our Global Privacy Program. In this role, you’ll be responsible for understanding and advising cross-functional partners on various global privacy regulations including the collection, use, and sharing of personal data in accordance with regulatory and contractual requirements. As the Director of Privacy, you will be responsible for building and managing relationships with cross-functional teams’ leaders to execute privacy related initiatives and issues and serve as a privacy resource to the organization. In addition to leading the Privacy team, you will also work alongside your legal colleagues on privacy matters worldwide. 


  • Build strong cross-functional relationships that support and enable marketing, customer engagement, and product support teams to achieve successful business outcomes.
  • Manage daily operations of the program, development, implementation, and maintenance of policies and procedures, monitoring program compliance, and tracking of incidents and ensuring rights in compliance with global privacy laws and regulations. 
  • Provide timely and pragmatic legal advice to business leaders, including proactively identifying recurring issues and developing recommendations pertaining to AdTech and MarTech, use of cookies and tracking technologies, and compliance with marketing-related regulations.
  • Stay informed of applicable laws, regulations and industry guidance that may impact marketing and marketing uses of personal data, including through changes to data privacy laws.
  • Manage Privacy Program governance, including DPO relationship and Privacy and Security Steering Committees.
  • Ensures privacy forms, policies, standards, notices, and procedures are up-to-date and reflect current organizational practices and legal requirements.
  • Collaborate with the office of the CISO to ensure alignment between security and privacy compliance programs including policies, practices, investigations, and acts as a liaison to the Technology team.
  • Working with the team and the AGC, Senior Director, create and manage Privacy Program roadmap and associated projects.
  • Lead efforts to build the Privacy Program roadmap, manage Privacy Steering Committee updates and support annual compliance updates. 
  • Execute training and awareness programs to ensure employees have a fundamental understanding of privacy policies and requirements, including targeted training for employees that process or are exposed to personal information.
  • Manage outside counsel on matters related to privacy, security and other associated issues.
  • Mentor, coach and develop team members.

Required Skill and Expertise

  • Demonstrates knowledge of key compliance obligations for state, federal, and international regulations and laws pertaining to the use of personal data, including, but not limited to, the CAN-SPAM Act, PIPEDA, PIPL, COPPA, the ePrivacy Regulation, and email marketing laws worldwide.
  • Understanding of core privacy and data protection principles under the GDPR and/or CCPA, online privacy laws, and best practices.
  • Experience building and maintaining a global privacy program.
  • Strong relationship-building, problem-solving, and collaboration skills and the ability to effectively influence and communicate privacy-related concepts.
  • Proven ability to successfully multi-task, remain responsive and agile to changes in business priorities, and to deliver pragmatic, risk-based recommendations to the business.
  • Demonstrated ability to work and manage time spent on projects independently and with little supervision while performing duties.
  • Minimum of 7 years (Senior Counsel) or 10 years (Director) direct experience in the legal practice of privacy, marketing, or technology law, with increasing responsibility and team management.
  • In-house experience strongly preferred.
  • Experience guiding teams in implementing privacy compliance project such as marketing preference centers, cookie management tools, and DSAR webforms.

Must Haves

  • Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
  • Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
  • Communicates with honesty and kindness, and creates the space for others to do the same.
  • Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
  • Fosters connection by putting people first and building trusting relationships.
  • Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.