About The Position
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
We are seeking a detail-oriented and technically proficient GRC Analyst to join our Information Security team, with a focus on validating and testing security controls across the enterprise. This role is ideal for professionals with 3–5 years of experience in GRC, audit, or cybersecurity operations who are passionate about ensuring the effectiveness of security controls and driving continuous improvement.
How You'll Make a Difference
- Execute information security control validation and testing activities across various domains (e.g., access management, vulnerability management, incident response, data protection) across all of Columbia's brands and regions.
- Collaborate with control owners and stakeholders to understand the design of controls
- Document findings and work with stakeholders to develop remediation recommendations
- Support the application and improvement of control testing methodologies, procedures, and reporting mechanisms
- Contribute to continuous improvement of GRC processes and tooling.
YOU ARE
- Self-Motivated and Curious: You are driven to understand the why, you thoughtfully investigate complex issues and ask probing questions
- Structured and Reliable: Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
- Enterprise Focused: You aren't a siloed thinker, but consider business impacts across regions, functions, and technologies.
- Relationship Driven: You build rapport and support your team and colleagues across functions
- Savvy and Effective Communicator: Whether in writing or verbally, you can clearly explain technical concepts and risks to colleagues without excessive jargon.
YOU HAVE
- Bachelor's degree in a technical field or equivalent certifications/experience such as CISSP, CISA, CRISC, Sec+, or CC
- Minimum 3 years experience in GRC, risk management, IT audit, or information security within mid-size to large corporate environment
- Strong PC and systems skills with aptitude for learning technical subjects.
#Hybrid
This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company. 
