SR. MANAGER INFORMATION SECURITY ENGINEERING

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we’re as passionate about the outdoors as you are. And while our gear is available worldwide, we’re proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: “It’s perfect. Now make it better.” As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy.
We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

ABOUT THE POSITION 
Although we’re an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The Senior Manager Information Security leads the global Information Security team to architect, develop, implement, maintain, and enhance information systems, security programs, policies, procedures, and tools to safeguard the confidentiality, integrity, and availability of applications, systems, networks, and data.

This role requires a deep understanding of the entire information security space including expert knowledge of the technologies and processes used to deliver information/cyber security capabilities, an appreciation of the compliance and regulatory drivers for a global information security program, and global program and personnel management experience. The Senior Manager Information Security reports directly to the Chief Information Security Officer (CISO) within CDT.

HOW YOU’LL MAKE A DIFFERENCE 

• Manage CSC’s global Information Security engineer team, tools, and programs including but not limited to: Threat and Vulnerability Management (TVM), endpoint security (EPP/EDR), Security Incident and Event Management (SIEM), and email and web protections.
• Continuously monitors global cyber security threat landscape for emerging attack vectors, develops treatment plans, and leads multiple teams to effectively mitigate the identified threats.
• Determines information security requirements for new systems and services by evaluating business and technical strategies, capabilities, and requirements to ensure security controls are built in by design.
• Implement and support DevSecOps practices to streamline automated testing of application security controls across the digital landscape, including instantiation and management of security testing and automation via CI/CD pipelines.
• Implement incident response plans and procedures to investigate, protect, and triage business-critical services during a security event and provide direction to internal and external resources during all phases of the incident lifecycle.
• Collaborates with business and technical teams to ensure the effective, secure, and appropriate use of cloud systems, services, and applications to meet CSC’s business objectives.
• Maintains CSC’s global Information Security controls to satisfy regulatory requirements such as PCI/DSS, SOX, etc.
• Partners with vendors and service providers to ensure CSC information security requirements are effectively addressed, managed, and maintained.
• Performs other duties, as assigned.

YOU ARE 

• Strong leadership experience capable of engaging, leading, and motivating individuals and teams.
• Ability to interact with a broad cross-section of personnel to define, explain and effectively manage security measures based on business value and objectives.
• Excellent written and verbal communication skills as well as a high degree of business acumen and an enterprise mindset.
• Regarded as the expert in the information security discipline within the organization function or business.

YOU HAVE 

• Bachelor’s degree or equivalent experience with one or more Information Security certifications (i.e., CISSP, CISM, GSLC, GSTRT).
• Requires 10+ years of professional Information Security experience with extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Knowledge of industry and regulatory security standards and frameworks (e.g., NIST CSF, ISO 27001, SOX, PCI/DSS, GLBA, GDPR, and CCPA).
• Excellent understanding of security protocols, hybrid and multi-cloud architecture, security controls, modern threats, and countermeasures.
• Demonstrated experience managing and coordinating departmental activities to achieve specific goals based on priorities.

#LI-JD1

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we’ve been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who’s found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position’s scope and function in the company. 

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.