Solution Architect Information Security

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we're as passionate about the outdoors as you are. And while our gear is available worldwide, we're proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: "It's perfect. Now make it better." As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The Solution Architect provides perspective, leadership, and technical expertise to address challenges. This position serves as a key role in strategy and delivery to ensure successful implementation. The Solution Architect forms strategy on integration, ensuring effectiveness and cohesion for information security requirements in new systems and services by evaluating business and technical strategies, capabilities, and requirements to ensure security controls are built in by design.

How you'll make a difference

• Architecture planning and recommendations for Information Security capabilities, applications, services, patterns, and practices for a hybrid multiple-cloud environment. Engagement on business process, capabilities roadmaps, adoption roadmap, and strategy.
• Continuously monitors global cyber security threat landscape for emerging attack vectors, develops treatment plans, and leads multiple teams to effectively mitigate the identified threats.
• Partners with vendors and service providers to ensure CSC information security requirements are effectively addressed, managed, and maintained.
• Lead and participate in multi-disciplinary technology teams to design, build, and deploy secure applications and infrastructure.
• Participate in the development of incident response plans and procedures to investigate, protect, and triage business-critical services during a security event and provide direction to internal and external resources during all phases of the incident lifecycle.

• Application and data landscape analysis and documentation, advocacy for unified enterprise approach to ensure consistency. Participate in the design, development, documentation and application of best practices and procedures that govern implementations.
• Project and program support. Works closely with delivery teams to deliver solutions that are reliable, flexible, scalable, and provide low-cost ownership
• Architecture liaison between business teams, technical teams, and Columbia leadership. Coordination with teams to drive technical design and architecture. Provide technical mentoring, guidance, and training throughout the organization.

You Are

• Ability to interact with a broad cross-section of personnel to define, explain and effectively manage security measures based on business value and objectives.
• Excellent written and verbal communication skills as well as a high degree of business acumen and an enterprise mindset.
• Has meticulous attention to detail and ability to support multiple initiatives.
• Regarded as the expert in the information security discipline within the organization function or business.
• Ability to work both individually and as part of a team.

You Have

• Bachelor's degree or equivalent experience with one or more Information Security certifications (i.e., CISSP, CISSP-ISSAP, GDSA, CISM).
• Requires 10+ years of professional Information Security experience with extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Extensive knowledge of deploying and maintaining enterprise security tools and capabilities.
• Knowledge of industry and regulatory security standards and frameworks (e.g., NIST CSF, ISO 27001, SOX, PCI/DSS, GLBA, GDPR, and CCPA).
• Excellent understanding of security protocols, hybrid and multi-cloud architecture, security controls, modern threats, and countermeasures.
• Experience with and knowledge of securing and documenting cloud SaaS, IaaS, and PaaS providers, containers management, DevSecOps and CI/CD pipeline, Cloud Access Security Broker, Infrastructure as a Code, secrets management, SIEM solutions, network security tools, perimeter protection technologies, and Identity and Access Management technologies and practices.

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we've been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who's found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.