Principal InfoSec Governance Analyst

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we're as passionate about the outdoors as you are. And while our gear is available worldwide, we're proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder, Gert Boyle: "It's perfect. Now make it better." As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect, and we're committed to keeping our planet healthy. We believe in empowering people to explore the outdoors to the fullest.

And we believe in you.

ABOUT THE POSITION
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The Principal InfoSec Governance Analyst is member of the CDT InfoSec GRC organization. You will be responsible for supporting the governance of Columbia's Information Security program through defining and maintaining information security frameworks, policies, standards, and controls. This role is ideal for professional with 8+ years of experience in Information Security as a GRC analyst, auditor, or related role focused on cybersecurity frameworks and standards.

HOW YOU'LL MAKE A DIFFERENCE

• Work with stakeholders across the company to define and document scalable information security standards informed by industry best practice frameworks such as the NIST Cybersecurity Framework, CIS Critical Security Controls, and PCI Data Security Standard.
• Design and document controls to ensure compliance with information security frameworks and reduction of information security risks.
• Provide subject matter expertise regarding information security standards, controls, and compliance to the CDT organization and its business partners
• Define organizational processes to continuously improve information security policies and standards.
• Work with company leadership to establish corporate policy for a global audience in compliance with laws and information security objectives.
• Act as primary coordinator for maturity and compliance assessments to facilitate assessor interviews, evidence collection, and remediation planning with internal stakeholders.
• Contribute to the maturity of the InfoSec GRC program through automation, metrics, and process improvements

YOU ARE

• A structured, risk based thinker who brings clarity and consistency to information security governance.
• Naturally curious, asking the right questions to understand complex informationsecurity requirements.
• A practical problem solver who focuses on root causes and workable solutions.
• Enterprise minded, considering impacts across a global business and technology landscape.
• Collaborative, building trust and strong partnerships across teams.
• A clear communicator who explains information security concepts without unnecessary jargon.

YOU HAVE

• Bachelor's degree in a technical field such as cybersecurity or business information systems
• Security certifications such as CISSP, CISA, CRISC, Sec+, or CC preferred.
• Minimum 8 years of experience in GRC, IT audit, or information security within mid-size to large corporate environment
• Strong understanding of cybersecurity frameworks such as NIST Cybersecurity Framework, PCI DSS, and ISO 27001
• Strong PC and systems skills with aptitude for learning technical subjects.

#LI-JD1

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.