Lululemon

Who we are 

lululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.

About this team

The lululemon Cybersecurity team enables lululemon to conduct its global operations in a secure manner and safeguard the trusted information of its guests and users. To effectively support lululemon’s growth as a global organization, we are seeking a Director to lead and manage our local Cybersecurity strategy and operations covering Korea across the Asia Pacific region. This is a critical leadership role that will serve as the regional executive authority on information security, ensuring alignment with global policies, while adapting to local regulatory frameworks and business priorities.

The Director will lead regional security governance, drive enterprise-wide security initiatives, and act as the primary liaison between global cybersecurity leadership and Korea regional business units. This role will be responsible for embedding security into regional operations, managing cross-border risk, ensuring compliance with local regulatory and compliance requirements, and implementing processes that facilitate cyber resilience across digital, physical, and third-party ecosystems.

A day in the life

As the Director - Cybersecurity International, you will work closely with the global Cybersecurity teams to define and execute the Korea cybersecurity strategy in alignment with the global CISO directives, enterprise risk posture, and local regulatory mandates. This role is based out of Seoul, Korea, and is ideal for someone with deep expertise in cybersecurity strategy and execution within Korea market and can actively engage with regional leadership to establish an environment of security awareness and discipline while also fulfilling specific regulatory accountabilities. This role has the potential to evolve into a broader APAC scope, in line with individual’s exposure and proven capability across different markets. Following are key areas of responsibility for this role:

• Establish and lead regional security governance forums, steering committees, and working groups across Korea market.
• Ensure consistent implementation of global security policies, standards, and frameworks across Korea and other countries where lululemon operates.
• Monitor and ensure compliance with regional cybersecurity and privacy regulations (e.g., APPI in Japan, PDPA in Singapore and Malaysia, Australia’s Privacy Act, Korea’s PIPA and K-ISMS).
• Lead regional risk assessments, audits, and certifications, and manage relationships with regulators and external auditors.
• Collaborate with the global technology risk team to track Korea security risks and drive timely risk remediation activities.
• Serve as the primary security advisor to APAC executive leadership, legal, privacy, and technology teams.
• Represent Korea across the APAC region in global security leadership forums and contribute to enterprise-wide strategic planning for security related initiatives.
• Represent the APAC region in global security leadership forums and contribute to enterprise-wide strategic planning for security related initiatives.
• Communicate risk posture, incident updates, and program performance to senior stakeholders across APAC.
• Drive implementation of enterprise security controls across regional infrastructure, applications, and cloud environments.
• Establish a security-first culture across the Korea business units through training, awareness, and leadership engagement.
• Provide regular reporting to the global CISO and APAC leadership, leveraging regional security KPIs and maturity metrics.
• Manage cross-border data transfer safeguards, contracts, and disclosures in accordance with regional laws.
• Act as primary liaison with Korean regulators (PIPC and KISA) as well as other relevant regulators across APAC markets.

Qualifications:

• Minimum 10 years of progressive experience in Cybersecurity, personal information (PI) protection, data protection, and information technology, with at least 2 years specifically in PI protection.
• Bachelor’s degree in information security, Computer Science, or related field; Master’s degree in related studies preferred.
• Proven experience managing security, privacy, and compliance programs across Korea market.
• Demonstrated experience engaging with Korean regulators (PIPC and KISA) and leading compliance programs in Korea.
• Strong knowledge of Korea’s frameworks (PIPA, K-ISMS, AI Framework Act) as well as other APAC regulations (APPI, PDPA, Privacy Act).
• Experience with cybersecurity governance, risk management, and compliance capabilities.
• Excellent communication and stakeholder engagement skills, including executive-level reporting.
• Security certifications such as CISSP, CISM, or CISA preferred.
• Must be fluent in English; proficiency in additional APAC languages (e.g., Japanese, Korean, Mandarin, or others) preferred.
• Ability to work effectively and comfortably with both technical and non-technical teams across regional boundaries and time zones.
• Ability to manage multiple projects and priorities in a fast-paced, dynamic, and highly complex environment.

Must haves:

• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results. 
• Communicates with honesty and kindness, and creates the space for others to do the same. 
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure. 
• Fosters connection by putting people first and building trusting relationships. 
• Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously.