Security Analyst

Cybersecurity GRC Security Analyst Risk and Issue Management

Who we are

We are a yoga-inspired technical apparel company up to big things. The practice and philosophy of yoga informs our overall purpose to elevate the world through the power of practice. We are proud to be a growing global company with locations all around the world from Vancouver to Shanghai and places in between. We owe our success to our innovative product our emphasis on our stores our commitment to our people and the incredible connections we get to make in every community we are in.

About this team

The Cybersecurity team enables us to conduct its global operations in a secure manner and to safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through security and compliance risk and through fostering a high degree of employee awareness of all security and compliance topics. To further enhance our team we are looking for an experienced specialist to serve as Security Analyst Risk and Issue Management. This role will work collaboratively with cross-functional teams within Cybersecurity and across Technology to identify analyze document and drive clear risk remediation activities to reduce systemic security risks. The ideal candidate will bring a blend of technical security and risk management expertise along with strategic thinking to drive measurable improvements in our security posture.

A day in the life:

As the Security Analyst Risk and Issue Management for us you will define facilitate coordinate and track remediation action plans for security risks and issues. The effectiveness of this role will be measured through verified closure of open risks and issues and demonstrated reduction in the organizations security risk posture. Core responsibilities of this role are as follows:

• Lead and participate in targeted risk reduction initiatives across business units and technology domains
• Analyze complex systems architectures and processes to identify security vulnerabilities and systemic risks
• Collaborate with cross-functional teams to design and implement risk mitigation strategies
• Conduct root cause analysis of recurring security issues and propose remediation plans for sustainable solutions
• Support the development and refinement of GRC metrics and dashboards to track risk reduction progress
• Serve as a liaison between Cybersecurity and technology teams to ensure appropriate prioritization and alignment on risk remediation tasks
• Contribute to incident response post mortem activities to identify residual risk and develop risk mitigation strategies. This includes supporting root cause analysis (RCA) discussions to understand and document underlying issues facilitating effective issue remediation.
• Remain current with emerging threats vulnerabilities and regulatory requirements
• Be an ambassador for the governance risk and compliance security practice throughout the organization

Qualifications:

• 5 years experience in a cybersecurity function preferably in a GRC security engineering or security risk management role
• Bachelors degree with focus on information technology cybersecurity or technology audit preferred
• Experience with cybersecurity risk and compliance frameworks and practices (e.g. NIST-CSF NIST-AI RMF COBIT ISO27001 Data Privacy regulations and frameworks)
• Proven track record in identifying and reducing systemic security risks in complex environments
• Experience working in or with security tiger teams red/blue/purple teams or similar high-impact security functions
• Strong understanding of enterprise IT systems and networks cloud platforms and security architectures
• Understanding of emerging AI/LLM technologies and related security risks
• Experience and passion for technical security risk identification and mitigation
• Ability to interact effectively with technical security stakeholders as well as non-technical business stakeholders to communicate and inform concepts pertaining to security risk
• Familiarity with ServiceNow GRC/IRM systems preferred
• Must have excellent analytical communication and project management skills
• Must be detail oriented and a self-starter
• Must be comfortable in a role that is dynamic and evolving
• Professional certification such as CISA CISSP CRISC Security CDPSE is a plus

Must haves:

• Acknowledges the presence of choice in every moment and takes personal responsibility for their life.
• Possesses an entrepreneurial spirit and continuously innovates to achieve great results.
• Communicates with honesty and kindness and creates the space for others to do the same.
• Leads with courage knowing the possibility of greatness is bigger than the fear of failure.
• Fosters connection by putting people first and building trusting relationships.
• Integrates fun and joy as a way of being and working aka doesnt take themselves too seriously.
• Actively removes barriers to equity so that everyone feels a sense of belonging.

Required Skills :

Basic Qualification :

Additional Skills :

Background Check : No

Drug Screen : No