Principal InfoSec GRC Control Validation Analyst(Governance, Risk & Compliance)

Columbia Sportswear Company -
Bengaluru, Karnataka

Apply Now

Job details

Full-time

Qualifications

CISSP
IT auditing
Information security
Bachelor's degree
NIST standards
Business Information Systems
ISO 27001

Full job description

ABOUT THE POSITION

Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

We are seeking a detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team, with a focus on validating and testing security controls across the enterprise. This role will serve as the most senior member of a small team focused on validating the effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit, or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.

How You'll Make a Difference:

Act as a process and team lead for Columbia's information security control validation program
Design and enhance information security control validation methodologies, procedures, and reporting mechanisms
Plan, lead, and execute information security control validation and testing activities across various security domains (e.g., access management, vulnerability management, incident response, data protection).
Mentor junior analysts, providing guidance on information security control validation best practices while fostering a culture of accountability
Provide subject matter expertise regarding information security control validation and compliance frameworks to the CDT organization and its business partners
Document information security control issues and collaborate with stakeholders to develop remediation recommendations
Prepare risk reports and dashboards for information security management and governance committees.
Influence the evolution of the information security GRC program through maturing GRC tools, automation, processes, and metrics

YOU ARE

Experienced and Passionate: You are a seasoned security professional with a passion for governance, risk, and compliance

Methodical and Pragmatic: You approach control testing with precision and can identify pragmatic solutions to addressing risks

Self-Motivated and Curious : You are driven to understand the "why", you thoughtfully investigate complex issues and ask probing questions

Leadership-Oriented: You demonstrate initiative and are experienced in mentoring and developing others

Relationship Driven : You build rapport and support your team and colleagues across functions

Influential Communicator : Whether in writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessive jargon.

YOU HAVE

Bachelor’s degree in a technical field such as cybersecurity or business information systems

Security certifications such as CISSP, CISA, CRISC, Sec+, or CC preferred.

Minimum 8 years’ experience in GRC, IT audit, or information security within mid-size to large corporate environment

Proven expertise who has led audit testing focused team on ISO 27001 audits, SOC2 audits, or NIST audits.

Hands-on experience in leading IT audits, risk assessments, or compliance programs

#LI-SA1

#Hybrid

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

Apply Now

YOU ARE

YOU HAVE

Jobseeker tools

Employer Tools

Browse

Stay Connected