Senior Technology Manager - Vulnerability Management and Application Security

Area: Canada

State/Province/City: British Columbia

City: Vancouver

Business Unit: Store Support Centre (SSC)

Time Type: Full-time

Description and Requirements

who we are

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

 

about this team

As the Senior Technology Manager for Vulnerability Management and Application Security, you will be a key leader within the Technology organization, responsible for shaping and executing the vision for secure, resilient, and compliant application ecosystems across a rapidly scaling global business. You will lead a team of security engineers and program managers focused on embedding vulnerability management and secure development practices into every layer of our technology stack. As the leader of this team, you will drive the development and implementation of security frameworks, controls, and tooling that support proactive risk identification, remediation, and governance across applications and infrastructure. You will partner closely with engineering, product, and compliance teams to ensure our platforms are not only innovative but also defensible and aligned with regulatory expectations.

core responsibilities:

  • Leadership & Strategy – develop, lead, and mentor a team of security engineers and PMs/scrum leads focused on identifying and prioritizing vulnerabilities in our environment, and working with application teams on remediations 
  • Vulnerability Identification and Prioritization – Lead the identification, categorization, and prioritization of security vulnerabilities using CVSS scoring, business impact assessments, and threat modeling frameworks 
  • Application Security Oversight – Embed secure development practices across the SDLC, including threat modeling, secure coding, and DevSecOps integration, ensuring alignment with regulatory frameworks
  • Security Strategy & Architecture – define and execute the security strategy for vulnerability management and application security aligned with enterprise risk, GRC, and business goals and objectives 
  • Technical Guidance and Execution – provide hands-on technical leadership in designing and implementing security controls, scanning for vulnerabilities, and guiding threat modelling, vulnerability assessments, and secure designs for our cloud environments and applications
  • Governance and Compliance Alignment – collaborate with GRC and legal teams to ensure vulnerability management practices align with internal policies and external compliance requirements 
  • Reporting and Metrics – produce operational reports on vulnerability status, risk exceptions, and remediation progress, providing visibility to leadership and informing strategic decisions
  • Security Tooling and Automation – scale vulnerability remediation through automation and integrations with scanning tools and lead efforts to operationalize detection and response capabilities 
  • Vendor partnership & management – evaluate, onboard, and manage third-party vendors and tools related to vulnerability management and application security; ensure vendor solutions meet internal security standards and risk due diligence processes
  • Budget management – develop and manage the team’s operational and project budgets, ensuring alignment with strategic priorities; track and report on budget performance, identifying opportunities for cost optimization
      

qualifications:

  • 8-10 years of experience enabling key business priorities through the successful delivery and support of cyber programs and initiatives
  • Deep understanding of regulatory frameworks including NIST, SOX, PCI, GDPR and other global data privacy regulations with the ability to translate these into actionable technical and operational controls
  • Proven track record in identifying, assessing, and remediating vulnerabilities across complex enterprise environments, including cloud-native and hybrid architectures
  • Experience implementing secure development lifecycle practices, including threat modelling, secure coding, and automated testing (SAST/DAST)
  • 6+ years of people leadership experience, managing diverse, high-performing teams across multiple geographies and time zones
  • Demonstrated success in building and sustaining inclusive, growth-oriented teams with a strong emphasis on diversity, equity, and individual development
  • Strong analytical and stakeholder management skills, with a history of using metrics and reporting to drive prioritisation and communicate risk posture
  • Experience managing vendor relationships and overseeing CAPEX and OPEX budgets to ensure efficient investment in security tooling and services

 

must haves

  • Acknowledge the presence of choice in every moment and take personal responsibility for your life.
  • Possess an entrepreneurial spirit and continuously innovate to achieve great results. 
  • Communicate with honesty and kindness and create the space for others to do the same. 
  • Lead with courage, knowing the possibility of greatness is bigger than the fear of failure. 
  • Foster connection by putting people first and building trusting relationships. 
  • Integrate fun and joy as a way of being and working, aka don’t take yourself too seriously.

 

additional notes

Authorization to work in Canada is required for this role.

 

compensation and benefits package 

lululemon’s compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from $158,900 - $208,500 annually; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program, subject to program eligibility requirements.


 

At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:

  • Extended health and dental benefits, and mental health plans 
  • Paid time off 
  • Savings and retirement plan matching 
  • Generous employee discount 
  • Fitness & yoga classes 
  • Parenthood top-up 
  • Extensive catalog of development course offerings 
  • People networks, mentorship programs, and leadership series (to name a few) 

 

Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.

 
workplace arrangement


In-person collaboration and connection is important to our culture. Work is performed onsite, minimum 4 days per week.