About The Position
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
We are seeking a detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team, with a focus on validating and testing security controls across the enterprise. This role will serve as the most senior member of a small team focused on validating the effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit, or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.
How You'll Make a Difference
- Plan, lead, and execute control validation and testing activities across various domains (e.g., access management, vulnerability management, incident response, data protection).
- Mentor junior analysts, providing guidance on control validation methodologies and best practices while fostering a culture of accountability
- Provide subject matter expertise regarding information security control validation and compliance frameworks to the CDT organization and its business partners
- Document control issues and collaborate with stakeholders to develop remediation recommendations
- Develop and enhance control testing methodologies, procedures, and reporting mechanisms
- Prepare risk reports and dashboards for management and governance committees.
- Influence the evolution of the GRC program through maturing tools, automation, processes, and metrics, and processes.
YOU ARE
- Experienced and Passionate: You are a seasoned security professional with a passion for governance, risk, and compliance
- Methodical and Pragmatic: You approach control testing with precision and can identify pragmatic solutions to addressing risks
- Self-Motivated and Curious: You are driven to understand the why, you thoughtfully investigate complex issues and ask probing questions
- Leadership-Oriented: You demonstrate initiative and are experienced in mentoring and developing others
- Relationship Driven: You build rapport and support your team and colleagues across functions
- Influential Communicator: Whether in writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessive jargon.
YOU HAVE
- Bachelor's degree in a technical field such as cybersecurity or business information systems
- Security certifications such as CISSP, CISA, CRISC, Sec+, or CC preferred.
- Minimum 8 years experience in GRC, IT audit, or information security within mid-size to large corporate environment
- Proven expertise in cybersecurity frameworks such as NIST CSF or ISO 27001
- Hands-on experience in leading IT audits, risk assessments, or compliance programs
#Hybrid
This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company. 
