Technology Director - Governance, Risk, and Compliance (GRC)

地域: Canada

都道府県/ 州 / 州/省/県 / 市区町村: British Columbia

市区町村: Vancouver

ビジネスユニット: Store Support Centre (SSC)

時間タイプ: Full-time

詳細と要件


who we are

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

 

about this team

The Cybersecurity team enables lululemon to operate securely at a global scale by embedding security into how we build, ship, and run technology. We partner across technology and business teams to manage risk, protect guest and company data, and ensure compliance with global regulatory requirements while enabling innovation and growth.


As Director, Governance Risk & Compliance (GRC), you own end-to-end delivery for the GRC domain, spanning governance, risk, and compliance and GRC engineering. You translate the evolving regulatory and privacy landscape into actionable strategies, programs, and investments. You lead multiple teams, establish standards, and make deliberate trade-off decisions that balance risk reduction, operational resilience, and business velocity. This role is accountable for compliance, cybersecurity audits, program execution, and building a high-performing leadership bench.

 

core responsibilities

  • Own GRC delivery, ensuring effective controls, risk management, and measurable capabilities & maturity
  • Define and execute GRC strategy, including risk management, compliance, and policy governance aligned to global standards (e.g., NIST, ISO)
  • Translate threat landscape, regulatory requirements, and business priorities into multi-quarter security programs and roadmaps
  • Support SOX through the second line-of-defense responsibilities and support first line control owners
  • Lead and develop multiple teams, building a strong leadership bench and scalable operating model
  • Oversee cybersecurity risk assessments, control effectiveness, and mitigation strategies across systems and programs
  • Own executive reporting on security posture, risk, and compliance, driving informed decision-making
  • Manage cross-functional stakeholder relationships and influence senior leaders across technology and business
  • Lead budget, investment planning, and resource allocation aligned to risk-based priorities
  • Provide leadership during critical incidents and major security events

 

qualifications

  • 12–15+ years of experience in cybersecurity, technology risk, or related fields with 4+ years in senior leadership roles
  • Bachelor’s degree in STEM or related field; advanced degree or certifications preferred
  • Experience leading multi-team cybersecurity functions including GRC, engineering, and/or operations
  • Deep knowledge of security frameworks and regulatory requirements (NIST, ISO 27001,CCPA/CPPA,SOX, PCI, GDPR, etc.)
  • Proven ability to translate risk and threat landscape into executable strategy and investment priorities
  • Strong experience with risk assessment, governance, and cybersecurity program delivery at scale

 

must haves

  • Acknowledge the presence of choice in every moment and take personal responsibility for your life.
  • Possess an entrepreneurial spirit and continuously innovate to achieve great results. 
  • Communicate with honesty and kindness and create the space for others to do the same. 
  • Lead with courage, knowing the possibility of greatness is bigger than the fear of failure. 
  • Foster connection by putting people first and building trusting relationships. 
  • Integrate fun and joy as a way of being and working, aka doesn’t take yourself too seriously. 

 

additional notes 

Authorization to work in Canada is required for this role 

 

compensation and benefits package 

lululemon’s compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from $196,600 - $258,100 annually; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program and equity offerings, subject to program eligibility requirements.  
 

At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:

  • Extended health and dental benefits, and mental health plans 
  • Paid time off 
  • Savings and retirement plan matching 
  • Generous employee discount 
  • Fitness & yoga classes 
  • Parenthood top-up 
  • Extensive catalog of development course offerings 
  • People networks, mentorship programs, and leadership series (to name a few) 

 

Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.

 
workplace arrangement

Hybrid 

In-person collaboration and connection is important to our culture. Work is performed onsite, minimum 4 days per week.


#LI-AF1