Principal InfoSec GRC Control Validation Analyst (Governance, Risk & Compliance)
Job Summary
ABOUT THE POSITION
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain and 500 geographically dispersed stores. These teams support in-store mobile and data platforms to enhance customer interface and service in an ever-evolving industry.
We are seeking a detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team with a focus on validating and testing security controls across the enterprise. This role will serve as the most senior member of a small team focused on validating the effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.
How You'll Make a Difference:
Act as a process and team lead for Columbia's information security control validation program
Design and enhance information security control validation methodologies, procedures and reporting mechanisms
Plan, lead and execute information security control validation and testing activities across various security domains (e.g. access management, vulnerability management, incident response, data protection).
Mentor junior analysts, providing guidance on information security control validation best practices while fostering a culture of accountability
Provide subject matter expertise regarding information security control validation and compliance frameworks to the CDT organization and its business partners
Document information security control issues and collaborate with stakeholders to develop remediation recommendations
Prepare risk reports and dashboards for information security management and governance committees.
Influence the evolution of the information security GRC program through maturing GRC tools, automation, processes and metrics
YOU ARE
Experienced and Passionate: You are a seasoned security professional with a passion for governance, risk and compliance
Methodical and Pragmatic: You approach control testing with precision and can identify pragmatic solutions to addressing risks
Self-Motivated and Curious: You are driven to understand the "why"; you thoughtfully investigate complex issues and ask probing questions
Leadership-Oriented: You demonstrate initiative and are experienced in mentoring and developing others
Relationship Driven: You build rapport and support your team and colleagues across functions
Influential Communicator: Whether in writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessive jargon.
YOU HAVE
Bachelor's degree in a technical field such as cybersecurity or business information systems
Security certifications such as CISSP, CISA, CRISC, Sec or CC preferred.
Minimum 8 years' experience in GRC, IT audit or information security within a mid-size to large corporate environment
Proven expertise leading an audit-testing-focused team on ISO 27001 audits, SOC2 audits or NIST audits.
Hands-on experience in leading IT audits, risk assessments or compliance programs
#Hybrid
This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.
Required Experience:
Staff IC
About Company
Founded in 1938, Columbia brand apparel, footwear, accessories, equipment, and employees have earned a global reputation for innovation, quality and performance, keeping activity enthusiasts and explorers in more than 100 countries, warm, dry, cool and protected year-round. Columbia S ...