Senior Security Analyst - Risk and Issue Management (VAN or SEA)

Job Description

As the Security Analyst – Risk and Issue Management for lululemon, you will define, facilitate, coordinate, and track remediation action plans for security risks and issues. The effectiveness of this role will be measured through verified closure of open risks and issues, and demonstrated reduction in the organization’s security risk posture. Core responsibilities of this role are as follows:

• Lead and participate in targeted risk reduction initiatives across business units and technology domains
• Analyze complex systems, architectures, and processes to identify security vulnerabilities and systemic risks
• Collaborate with cross-functional teams to design and implement risk mitigation strategies
• Conduct root cause analysis of recurring security issues and propose remediation plans for sustainable solutions
• Support the development and refinement of GRC metrics and dashboards to track risk reduction progress
• Serve as a liaison between Cybersecurity and technology teams to ensure appropriate prioritization and alignment on risk remediation tasks
• Contribute to incident response post mortem activities to identify residual risk and develop risk mitigation strategies. This includes supporting root cause analysis (RCA) discussions to understand and document underlying issues, facilitating effective issue remediation.
• Remain current with emerging threats, vulnerabilities, and regulatory requirements
• Be an ambassador for the governance, risk and compliance security practice throughout the organization

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• 5+ years experience in a cybersecurity function, preferably in a GRC, security engineering, or security risk management role

• Bachelor’s degree with focus on information technology, cybersecurity or technology audit preferred

• Experience with cybersecurity risk and compliance frameworks and practices (e.g. NIST-CSF, NIST-AI RMF, COBIT, ISO27001, Data Privacy regulations and frameworks)

• Proven track record in identifying and reducing systemic security risks in complex environments

• Experience working in or with security tiger teams, red/blue/purple teams, or similar high-impact security functions

• Strong understanding of enterprise IT systems and networks, cloud platforms, and security architectures

• Understanding of emerging AI/LLM technologies and related security risks

• Experience and passion for technical security risk identification and mitigation

• Ability to interact effectively with technical security stakeholders as well as non-technical business stakeholders to communicate and inform concepts pertaining to security risk

• Must have excellent analytical, communication, and project management skills

• Must be detail oriented and a self-starter

• Must be comfortable in a role that is dynamic and evolving

• Professional certification such as CISA, CISSP, CRISC, Security+, CDPSE

• Familiarity with ServiceNow GRC/IRM