Principal InfoSec Governance Analyst

This position is designated as a hybrid role based out of our headquarters near Portland Oregon. The current expectation is for employees to work onsite four days per week subject to change based on business needs. This in-office requirement may be adjusted at the discretion of the company.

OUTGROWN YOUR OWN BACKYARD COME PLAY IN OURS.

At Columbia were as passionate about the outdoors as you are. And while our gear is available worldwide were proud to be based in the Pacific Northwest where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: Its perfect. Now make it better. As pioneers of relentless improvement we are constantly evolving.

We believe the outdoors is ours to protect and were committed to keeping our planet healthy. We believe in empowering people to explore the outdoors to the fullest.

And we believe in you.

ABOUT THE POSITION
Although were an apparel and footwear-focused company technology is central to everything we do. Columbia Sportswears Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands a global supply chain and 500 geographically dispersed stores. These teams support in-store mobile and data platforms to enhance customer interface and service in an ever-evolving industry.

The Principal InfoSec Governance Analyst is member of the CDT InfoSec GRC organization. You will be responsible for supporting the governance of Columbias Information Security program through defining and maintaining information security frameworks policies standards and controls. This role is ideal for professional with 8 years of experience in Information Security as a GRC analyst auditor or related role focused on cybersecurity frameworks and standards.

HOW YOULL MAKE A DIFFERENCE

• Work with stakeholders across the company to define and document scalable information security standards informed by industry best practice frameworks such as the NIST Cybersecurity Framework CIS Critical Security Controls and PCI Data Security Standard.
• Design and document controls to ensure compliance with information security frameworks and reduction of information security risks.
• Provide subject matter expertise regarding information security standards controls and compliance to the CDT organization and its business partners
• Define organizational processes to continuously improve information security policies and standards.
• Work with company leadership to establish corporate policy for a global audience in compliance with laws and information security objectives.
• Act as primary coordinator for maturity and compliance assessments to facilitate assessor interviews evidence collection and remediation planning with internal stakeholders.
• Contribute to the maturity of the InfoSec GRC program through automation metrics and process improvements

YOU ARE

• A structured risk based thinker who brings clarity and consistency to information security governance.
• Naturally curious asking the right questions to understand complex informationsecurity requirements.
• A practical problem solver who focuses on root causes and workable solutions.
• Enterprise minded considering impacts across a global business and technology landscape.
• Collaborative building trust and strong partnerships across teams.
• A clear communicator who explains information security concepts without unnecessary jargon.

YOU HAVE

• Bachelors degree in a technical field such as cybersecurity or business information systems
• Security certifications such as CISSP CISA CRISC Sec or CC preferred.
• Minimum 8 years of experience in GRC IT audit or information security within mid-size to large corporate environment
• Strong understanding of cybersecurity frameworks such as NIST Cybersecurity Framework PCI DSS and ISO 27001
• Strong PC and systems skills with aptitude for learning technical subjects.

#LI-JD1

This job description is not meant to be an all-inclusive list of duties and responsibilities but constitutes a general definition of the positions scope and function in the company.

Columbia Sportswear Company is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex gender identity sexual orientation race color religion national origin disability protected Veteran status age or any other characteristic protected by law. Columbia Sportswear is committed to working with and providing reasonable accommodation for individuals with disabilities. If you need reasonable accommodation because of a disability for any part of the employment process please notify your recruiter.

At Columbia Sportswear Company were proud to offer regular full-time employees a benefits package that includes a variety of services and products to help make your life and work more rewarding. Our benefit programs contribute to overall employee well-being by aligning those programs with the fundamental elements of well-being: physical social/emotional financial career and community. Benefits that can protect your familys financial future and help you save money through our 401k plan plus a generous company match. Columbia offers medical dental vision life Insurance disability flexible spending accounts health savings account and an assortment of voluntary benefit offerings (accident critical illness hospital indemnity and legal services). In addition Columbia offers EAP which is free and confidential 24/7/365 counseling services. We have extensive wellness benefits employee discounts and a generous time off program available.

If you need an accommodation/adjustment to successfully complete and submit your application please reach out to with the Subject: Applicant Assistance Requested.