Senior Technology Manager - Vulnerability Management and Application Security

Lululemon Athletica View all jobs

  • Canada
  • Permanent
  • Full-time
  • 1 month ago
Description & Requirementswho we arelululemon is an innovative performance apparel company for yoga, running, training, and other athletic pursuits. Setting the bar in technical fabrics and functional design, we create transformational products and experiences that support people in moving, growing, connecting, and being well. We owe our success to our innovative product, emphasis on stores, commitment to our people, and the incredible connections we make in every community we're in. As a company, we focus on creating positive change to build a healthier, thriving future. In particular, that includes creating an equitable, inclusive and growth-focused environment for our people.about this teamAs the Senior Technology Manager for Vulnerability Management and Application Security, you will be a key leader within the Technology organization, responsible for shaping and executing the vision for secure, resilient, and compliant application ecosystems across a rapidly scaling global business. You will lead a team of security engineers and program managers focused on embedding vulnerability management and secure development practices into every layer of our technology stack. As the leader of this team, you will drive the development and implementation of security frameworks, controls, and tooling that support proactive risk identification, remediation, and governance across applications and infrastructure. You will partner closely with engineering, product, and compliance teams to ensure our platforms are not only innovative but also defensible and aligned with regulatory expectations.core responsibilities:
  • Leadership & Strategy - develop, lead, and mentor a team of security engineers and PMs/scrum leads focused on identifying and prioritizing vulnerabilities in our environment, and working with application teams on remediations
  • Vulnerability Identification and Prioritization - Lead the identification, categorization, and prioritization of security vulnerabilities using CVSS scoring, business impact assessments, and threat modeling frameworks
  • Application Security Oversight - Embed secure development practices across the SDLC, including threat modeling, secure coding, and DevSecOps integration, ensuring alignment with regulatory frameworks
  • Security Strategy & Architecture - define and execute the security strategy for vulnerability management and application security aligned with enterprise risk, GRC, and business goals and objectives
  • Technical Guidance and Execution - provide hands-on technical leadership in designing and implementing security controls, scanning for vulnerabilities, guide threat modelling, vulnerability assessments, and secure designs for our cloud environments and applications
  • Governance and Compliance Alignment - collaborate with GRC and legal teams to ensure vulnerability management practices align with internal policies and external compliance requirements
  • Reporting and Metrics - produce operational reports on vulnerability status, risk exceptions, and remediation progress, providing visibility to leadership and informing strategic decisions
  • Security Tooling and Automation - scale vulnerability remediation through automation and integrations with scanning tools and lead efforts to operationalize detection and response capabilities
  • Vendor partnership & management - evaluate, onboard, and manage third-party vendors and tools related to vulnerability management and application security; ensure vendor solutions meet internal security standards and risk due diligence processes
  • Budget management - develop and manage the team's operational and project budgets, ensuring alignment with strategic priorities; track and report on budget performance identifying opportunities for cost optimization
qualifications:
  • 8-10 years of experience enabling key business priorities through the successful delivery and support of cyber programs and initiatives
  • Deep understanding of regulatory frameworks including NIST, SOX, PCI, GDPR and other global data privacy regulations with the ability to translate these into actionable technical and operational controls
  • Proven track record in identifying, assessing, and remediating vulnerabilities across complex enterprise environments, including cloud-native and hybrid architectures
  • Experience implementing secure development lifecycle practices, including threat modelling, secure coding, and automated testing (SAST/DAST)
  • 6+ years of people leadership experience, managing diverse, high-performing teams across multiple geographies and time zones
  • Demonstrated success in building and sustaining inclusive, growth-oriented teams with a strong emphasis on diversity, equity, and individual development
  • Strong analytical and stakeholder management skills, with a history of using metrics and reporting to drive prioritisation and communicate risk posture
  • Experience managing vendor relationships and overseeing CAPEX and OPEX budgets to ensure efficient investment in security tooling and services
must haves
  • Acknowledge the presence of choice in every moment and take personal responsibility for your life.
  • Possess an entrepreneurial spirit and continuously innovate to achieve great results.
  • Communicate with honesty and kindness and create the space for others to do the same.
  • Lead with courage, knowing the possibility of greatness is bigger than the fear of failure.
  • Foster connection by putting people first and building trusting relationships.
  • Integrate fun and joy as a way of being and working, aka doesn't take yourself too seriously.
additional notesAuthorization to work in Canada is required for this role.compensation and benefits packagelululemon's compensation offerings are grounded in a pay-for-performance philosophy that recognizes exceptional individual and team performance. The typical hiring range for this position is from $158,900 - $208,500 annually; the base pay offered is based on market location and may vary depending on job-related knowledge, skills, experience, and internal equity. As part of our total rewards offering, permanent employees in this position may be eligible for our competitive annual bonus program, subject to program eligibility requirements.At lululemon, investing in our people is a top priority. We believe that when life works, work works. We strive to be the place where inclusive leaders come to develop and enable all to be well. Recognizing our teams for their performance and dedication, other components of our total rewards offerings include support of career development, wellbeing, and personal growth:
  • Extended health and dental benefits, and mental health plans
  • Paid time off
  • Savings and retirement plan matching
  • Generous employee discount
  • Fitness & yoga classes
  • Parenthood top-up
  • Extensive catalog of development course offerings
  • People networks, mentorship programs, and leadership series (to name a few)
Note: The incentive programs, benefits, and perks have certain eligibility requirements. The Company reserves the right to alter these incentive programs, benefits, and perks in whole or in part at any time without advance notice.workplace arrangementIn-person collaboration and connection is important to our culture. Work is performed onsite, minimum 4 days per week.Only those applicants under consideration will be contacted. Please accept our utmost appreciation for your interest. Lululemon is an Equal Employment Opportunity employer. Employment decisions are based on merit and business needs, and not on race, color, creed, age, sex, gender, sexual orientation, national origin, religion, marital status, medical condition, physical or mental disability, military service, pregnancy, childbirth and related medical conditions or any other classification protected by federal, state or provincial and local laws and ordinances. Reasonable accommodation is available for qualified individuals with disabilities, upon request. This Equal Employment Opportunity policy applies to all practices relating to recruitment and hiring, compensation, benefits, discipline, transfer, termination and all other terms and conditions of employment. While management is primarily responsible for seeing that Lululemon equal employment opportunity policies are implemented, you share in the responsibility for assuring that, by your personal actions, the policies are effective.lululemon is committed to providing reasonable accommodation to applicants with disabilities. If you would like someone from our team to contact you for individualized support, email us at . In your email, please include the position title, the location of the position and the nature of your request.The use of AI tools, including but not limited to ChatGPT, Microsoft Copilot, Gemini, DeepSeek, or any other AI-assisted software, is strictly prohibited during the interview process. This includes, AI-generated responses, content creation, or any form of automated assistance in live interviews, case studies, technical assessments, or written submissions.At lululemon, we are committed to privacy, integrity, transparency, and ethical hiring practices. Our commitment to responsible AI ensures that proprietary information is protected and that all hiring decisions are based on an individual's own skills, judgment, and expertise without AI assistance. Any use of AI during the interview process will result in immediate disqualification. lululemon reserves the right to use AI detection tools to verify the authenticity of candidate responses.

Lululemon Athletica