Lululemon

Technology Director - Governance, Risk, and Compliance (GRC)

Lululemon$205K — $270K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 12-15+ years of experience in cybersecurity, technology risk, or related fields with 4+ years in senior leadership roles
  • Bachelor's degree in STEM or related field; advanced degree or certifications preferred
  • Experience leading multi-team cybersecurity functions including GRC, engineering, and/or operations
  • Deep knowledge of security frameworks and regulatory requirements (e.g., NIST, ISO 27001, CCPA/CPPA, SOX, PCI, GDPR)
  • Proven ability to translate risk and threat landscape into executable strategy and investment priorities
  • Strong experience with risk assessment, governance, and cybersecurity program delivery at scale

Responsibilities

  • Own GRC delivery, ensuring effective controls, risk management, and measurable capabilities & maturity
  • Define and execute GRC strategy, including risk management, compliance, and policy governance aligned to global standards
  • Translate threat landscape, regulatory requirements, and business priorities into multi-quarter security programs and roadmaps
  • Support SOX through second line-of-defense responsibilities and support first line control owners
  • Lead and develop multiple teams, building a strong leadership bench and scalable operating model
  • Oversee cybersecurity risk assessments, control effectiveness, and mitigation strategies across systems and programs
  • Manage cross-functional stakeholder relationships and influence senior leaders across technology and business

Benefits

  • Extended health and dental benefits, and mental health plans
  • Paid time off
  • Savings and retirement plan matching
  • Generous employee discount
  • Fitness & yoga classes
  • Parenthood top-up
  • Extensive catalog of development course offerings
  • People networks, mentorship programs, and leadership series
Full Job Description
Description & Requirements

about this team

The Cybersecurity team enables lululemon to operate securely at a global scale by embedding security into how we build, ship, and run technology. We partner across technology and business teams to manage risk, protect guest and company data, and ensure compliance with global regulatory requirements while enabling innovation and growth.

As Director, Governance Risk & Compliance (GRC), you own end-to-end delivery for the GRC domain, spanning governance, risk, and compliance and GRC engineering. You translate the evolving regulatory and privacy landscape into actionable strategies, programs, and investments. You lead multiple teams, establish standards, and make deliberate trade-off decisions that balance risk reduction, operational resilience, and business velocity. This role is accountable for compliance, cybersecurity audits, program execution, and building a high-performing leadership bench.

core responsibilities
  • Own GRC delivery, ensuring effective controls, risk management, and measurable capabilities & maturity
  • Define and execute GRC strategy, including risk management, compliance, and policy governance aligned to global standards (e.g., NIST, ISO)
  • Translate threat landscape, regulatory requirements, and business priorities into multi-quarter security programs and roadmaps
  • Support SOX through the second line-of-defense responsibilities and support first line control owners
  • Lead and develop multiple teams, building a strong leadership bench and scalable operating model
  • Oversee cybersecurity risk assessments, control effectiveness, and mitigation strategies across systems and programs
  • Own executive reporting on security posture, risk, and compliance, driving informed decision-making
  • Manage cross-functional stakeholder relationships and influence senior leaders across technology and business
  • Lead budget, investment planning, and resource allocation aligned to risk-based priorities
  • Provide leadership during critical incidents and major security events
qualifications
  • 12-15+ years of experience in cybersecurity, technology risk, or related fields with 4+ years in senior leadership roles
  • Bachelor's degree in STEM or related field; advanced degree or certifications preferred
  • Experience leading multi-team cybersecurity functions including GRC, engineering, and/or operations
  • Deep knowledge of security frameworks and regulatory requirements (NIST, ISO 27001,CCPA/CPPA,SOX, PCI, GDPR, etc.)
  • Proven ability to translate risk and threat landscape into executable strategy and investment priorities
  • Strong experience with risk assessment, governance, and cybersecurity program delivery at scale
must haves
  • Acknowledge the presence of choice in every moment and take personal responsibility for your life.
  • Possess an entrepreneurial spirit and continuously innovate to achieve great results.
  • Communicate with honesty and kindness and create the space for others to do the same.
  • Lead with courage, knowing the possibility of greatness is bigger than the fear of failure.
  • Foster connection by putting people first and building trusting relationships.
  • Integrate fun and joy as a way of being and working, aka doesn't take yourself too seriously.
additional notes

Please note: Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of employment visa at this time for this role.

compensation and benefits package

lululemon's compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and teamperformance. Thetypical hiring range for this position is from$205,900 - $270,300 annually; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program and equity offerings, subject to program eligibility requirements.

At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:
  • Extended health and dental benefits, and mental health plans
  • Paid time off
  • Savings and retirement plan matching
  • Generous employee discount
  • Fitness & yoga classes
  • Parenthood top-up
  • Extensive catalog of development course offerings
  • People networks, mentorship programs, and leadership series (to name a few)
Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.

workplace arrangement

Hybrid

In-person collaboration and connection is important to our culture. Work is performed onsite, minimum 4 days per week.

#LI-AF1

About Lululemon

Lululemon Athletica Inc. is a Canadian athletic apparel retailer headquartered in Vancouver, British Columbia, Canada. The company was founded in 1998 by Chip Wilson and has since grown to become a global brand with operations in North America, Europe, Asia, and Australia. Lululemon designs and sells a range of athletic apparel and accessories for women and men, including yoga pants, shorts, tops, jackets, and more. The company is known for its high-quality, stylish, and functional products, as well as its commitment to sustainability and social responsibility. Lululemon operates more than 500 stores worldwide and employs approximately 23,000 people.
Learn more about Lululemon
Size
19,000 employees
Market Cap
$40.3 billion
Industry
Net Income
$557.1 million
Founded
1998
5 Year Trend
+21.7%
Revenue
$4 billion
NASDAQ

Similar Jobs

More Jobs at Lululemon

More Information Technology Jobs

Find similar Technology Director - Governance, Risk, and Compliance (GRC) jobs: