Principal InfoSec Governance Analyst

Columbia Sportswear
Portland, OR
Hybrid

About The Position

Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) group enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry. The Principal InfoSec Governance Analyst is a member of the CDT InfoSec GRC organization. You will be responsible for supporting the governance of Columbia's Information Security program through defining and maintaining information security frameworks, policies, standards, and controls. This role is ideal for a professional with 8+ years of experience in Information Security as a GRC analyst, auditor, or related role focused on cybersecurity frameworks and standards.

Requirements

  • Bachelor’s degree in a technical field such as cybersecurity or business information systems
  • Minimum 8 years of experience in GRC, IT audit, or information security within a mid-size to large corporate environment
  • Strong understanding of cybersecurity frameworks such as NIST Cybersecurity Framework, PCI DSS, and ISO 27001
  • Strong PC and systems skills with aptitude for learning technical subjects.

Nice To Haves

  • Security certifications such as CISSP, CISA, CRISC, Sec+, or CC preferred.

Responsibilities

  • Work with stakeholders across the company to define and document scalable information security standards informed by industry best practice frameworks such as the NIST Cybersecurity Framework, CIS Critical Security Controls, and PCI Data Security Standard.
  • Design and document controls to ensure compliance with information security frameworks and reduction of information security risks.
  • Provide subject matter expertise regarding information security standards, controls, and compliance to the CDT organization and its business partners
  • Define organizational processes to continuously improve information security policies and standards.
  • Work with company leadership to establish corporate policy for a global audience in compliance with laws and information security objectives.
  • Act as primary coordinator for maturity and compliance assessments to facilitate assessor interviews, evidence collection, and remediation planning with internal stakeholders.
  • Contribute to the maturity of the InfoSec GRC program through automation, metrics, and process improvements

Benefits

  • Benefits that can protect your family’s financial future and help you save money through our 401k plan plus a generous company match.
  • Columbia offers medical, dental, vision, life insurance, disability, flexible spending accounts, health savings account, and an assortment of voluntary benefit offerings (accident, critical illness, hospital indemnity, and legal services).
  • In addition, Columbia offers EAP+, a free and confidential counseling service available 24/7/365.
  • We have extensive wellness benefits, employee discounts and a generous time off program available.