Job Description

ABOUT THE POSITION

Althoughwe'rean apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

We areseekinga detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team, with a focus onvalidatingand testing security controls across the enterprise. This role will serve as the most senior member of a small team focused onvalidatingthe effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit, or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.

HOW YOU’LL MAKE A DIFFERENCE

• Plan, lead, and execute control validation and testing activities across various domains (e.g., access management, vulnerability management, incident response, data protection).

• Mentor junior analysts, providing guidance on control validation methodologies and best practices while fostering a culture of accountability

• Provide subject matterexpertiseregardinginformation security control validation and compliance frameworks to the CDT organization and its business partners

• Document control issues and collaborate with stakeholders to develop remediation recommendations

• Develop and enhance control testing methodologies, procedures, and reporting mechanisms

• Prepare risk reports and dashboards for management and governancecommittees.

• Influence the evolution of the GRC program through maturing tools, automation, processes, and metrics, andprocesses.

YOU ARE

• Experienced and Passionate:You are a seasoned security professional with a passion for governance, risk, and compliance

• Methodical and Pragmatic:You approach control testing with precision and can identifypragmatic solutions to addressing risks

• Self-Motivated and Curious Youare driven to understand the "why", you thoughtfully investigate complex issues and ask probing questions

• Leadership-Oriented:Youdemonstrateinitiative and are experienced in mentoring and developing others

• Relationship DrivenYou build rapport and support your team and colleagues across functions

• Influential Communicator Whetherin writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessivejargon.

YOU HAVE

• Bachelor’s degree in a technical field such as cybersecurity or business information systems

• Security certifications such as CISSP, CISA, CRISC, Sec+, or CCpreferred.

• Minimum 8 years’ experience in GRC, IT audit, or information security within mid-size to large corporate environment

• Provenexpertisein cybersecurity frameworks such as NIST CSF or ISO 27001

• Hands-on experience in leading IT audits, risk assessments, or compliance programs

#LI-SA1

#Hybrid

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.