Cyber Security Program Manager @ Techwaukee

• Support a culture of risk management, risk and control visibility with measurable risk reduction and effective reporting and governance of risk reduction activities.
• Develop a Third-Party Risk Management assessment lifecycle, establish new policy, review / update existing risk management policy, standards and procedures.
• Establish a Technology Risk Management methodology by adopting NIST RMF (SP800-37), CIS v8 Top 18, COBIT 2019, CSA CCM / CSA STAR registry or ISO 31000:2018 frameworks.
• Optimize program capabilities in planning, organize, and integrate cross-functional information technology projects that are significant in scope and impact to the Technology Risk and Third
• Party Management team goals.
• Measure, Manage Mature the program, track progress, drive improvements, develop and report KPIs, KRIs, process metrics and management dashboards.
• Maintain organizations effectiveness and efficiency by defining, delivering, and supporting strategic analysis and plans for implementing Technology Risk and Third-Party program management process.
• Participate in performing Technology Risk Assessments of all new projects, technology implementations, new existing vendor onboarding assessments
• Determine information security risk profiles for various systems, assets, data, vendors etc., using knowledge of Lululemon policy, frameworks, standards and relevant industry best practices.
• Ability to conduct risk assessments, characterize the system, identify threats / vulnerabilities, control deficiencies, likelihood determination, impact analysis, risk levels, compensatory control recommendation and results documentation.
• Collaborate in stakeholder management, risk articulation, communication, risk reviews, driving risk acceptance and risk treatment activities
• Execute automation in applying GRC workflows, tracking risk life cycle, engaging, monitoring, remediating and reporting risks
• Identifies needs, develops and implements technology-related continuous improvement initiatives for the department.

Qualifications-

• 10+ years Technology Risk Management Third-Party Risk Management experience or a combination of Cybersecurity-GRC and information security experience
• Bachelor s degree with proficiency in Management Information Systems, Technology Management or Cybersecurity
• Expertise in technical program management, particularly in areas of security, and/or technology risk management
• Demonstrated ability to analyze information and assimilate into consumable management reporting
• Professional certification such as CISM, CRISC, CISSP or PMP is a plus
• Knowledge/experience with data security and privacy regulations (e.g. NIST CSF, ISO 27001, PCI DSS, GDPR).
• Effective communication and relationship-building skills, a natural affinity for being curious and inquisitive, and an ability to work with ambiguity, analyze situations and problem solve.
• Must haves:
• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage, knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working, aka doesn t take themselves too seriously