Lulu Wang

Everett, MA

Summary

Cybersecurity, Privacy, and AI Governance leader with 10+ years of experience designing and scaling enterprise-wide GRC and quantitative risk programs across cloud, data, and AI platforms. Trusted partner to CISO and executive leadership for risk-based investment decisions, regulatory strategy, and governance operating models supporting global regulatory and audit requirements.

Overview

  • 10 years of professional experience
  • 1 Certification

Work History

Senior Governance and Risk Compliance Manager

Saks Fifth Avenue
New York, NY
03.2022 - Current
  • Own enterprise-wide GRC and AI governance strategy across large-scale, cloud-first retail environments, leading a team of 7+ senior associates and overseeing SOX, ISO 27001, ISO 27701, ISO 31000, ISO 42001, PCI DSS, NIST CSF, and third-party risk programs.
  • Lead AI governance decisions, setting risk priorities and advising on risk trade-offs across security, privacy, legal, and business stakeholders.
  • Establish and lead the organization’s AI governance framework, overseeing model lifecycle risk, vendor risk acceptance, and executive AI governance committees to support responsible AI adoption.
  • Lead enterprise quantitative cyber risk analysis (FAIR), translating technical risk into executive-ready decision inputs used to influence security investment, funding allocation, and control strategy.
  • Exercise functional leadership over global compliance stakeholders and audit partners.
  • Own the annual compliance and assurance portfolio, including audit strategy, external audit and vendor oversight, and cross-functional remediation, reducing audit cycle time by approximately 30%.
  • Integrate Privacy-by-Design and security risk assessments into product and vendor onboarding processes, reducing downstream compliance friction and repeat audit findings.
  • Strengthen company-wide awareness of relevant laws, regulations, and industry standards through targeted trainings, presentations, and ongoing communication efforts.

Information Governance Manager

Mimecast North America
Lexington, MA
06.2018 - 03.2022
  • Designed and implemented the company’s first enterprise-wide data inventory and information governance framework, supporting global regulatory obligations at SaaS scale.
  • Led GDPR/CCPA compliance audits, reducing regulatory exposure by 30%.
  • Partnered with legal, privacy, and business leadership to strengthen data incident response and embed privacy-by-design practices across the organization.
  • Shifted privacy and compliance from reactive audits to embedded SDLC controls, reducing launch delays and audit friction.
  • Owned SOX, ISO 27001/27002 and 27701, SOC2, and NIST 800-53 programs; improved audit readiness scores by 20%.
  • Partnered with engineering teams to operationalize security and compliance controls across SaaS and IaaS environments.
  • Analyzed regulatory changes, assessing impact on current governance strategies and recommending adjustments.
  • Monitored performance metrics related to governance practices, identifying areas for improvement and efficiency gains.
  • Collaborated with cross-functional teams to develop governance-related training programs, raising awareness on critical issues.

IT Security Risk & Compliance Analyst

State Street Global Advisors
Boston, MA
07.2017 - 06.2018
  • Supported IT FLoD risk program metrics and Archer GRC evidence testing.
  • Developed internal Access database linking 200 IT risks and regulatory frameworks.
  • Supported CAT (Consolidated Audit Trail) evidence gap analysis across critical applications.
  • Assisted with Living Will certification and IT critical resource assessments.
  • Reviewed internal policies and procedures, recommending updates to align with industry best practices.
  • Leveraged data-driven insights to optimize the allocation of resources for maximum impact on risk mitigation efforts.
  • Streamlined reporting processes using advanced analytical tools, improving accuracy of compliance documentation.

IT Security Compliance & Audit Analyst

SSH Communication Security
Waltham, MA
04.2016 - 12.2016
  • Conducted research on PCI, ISO 27001, SOC-1, SOX, NIST 800 Series, and HIPAA compliance requirements.
  • Created gap analyses and white papers to support quarterly audit readiness.
  • Collaborated with engineering and marketing teams to maintain industry compliance.
  • Enhanced IT risk awareness and internal security monitoring processes.
  • Prepared comprehensive reports detailing audit findings, recommendations, and action plans for management review.

Education

Master of Science - Information Technology

Bentley University, McCallum Graduate School of Business
Waltham, MA
01.2017

Master of Science - Finance

University of Rochester, Simon Business School
Rochester, NY
01.2015

Bachelor of Science - Business Administration & Finance, Minor in Economics

University of Oregon
Eugene, OR
01.2013

Skills

  • Tools: Vanta, Archer GRC, ServiceNow IRM, Safe Security Platform, OneTrust, Jira, Power BI, FAIR
  • Leadership: Known for cross-functional collaboration and mentoring global compliance teams. Recognized for building scalable governance programs balancing risk, innovation, and compliance across global enterprises.

Certification

  • CISM – Certified Information Security Manager (ISACA)
  • FAIR – Open FAIR
  • AIG – AI Governance (IAPP)
  • Certified Information Privacy Technologist (CIPT)
  • CISSP – Certified Information Systems Security Professional (ISC²) (in progress)

CORE COMPETENCIES

Enterprise GRC Strategy | AI & Emerging Technology Governance | Quantitative Cyber Risk (FAIR) | Regulatory & Compliance Leadership (ISO 27001/27701, ISO 42001, PCI DSS, SOX, NIST) | Third-Party & Cloud Risk Management | Data Privacy (GDPR, CCPA) | Executive Risk Reporting & Board-Level Communication
