Security Analyst

Position Type: Contract Location: Seattle, WA (Onsite) Cybersecurity GRC Security Analyst Risk and Issue Management Who we are We are a yoga-inspired technical apparel company up to big things. The practice and philosophy of yoga informs our overall purpose to elevate the world through the power of practice. We are proud to be a growing global company with locations all around the world, from Vancouver to Shanghai, and places in between. We owe our success to our innovative product, our emphasis on our stores, our commitment to our people, and the incredible connections we get to make in every community we are in. About this team The Cybersecurity team enables us to conduct its global operations in a secure manner and to safeguard the trusted information of its guests and users. This is accomplished by understanding business risk as manifested through security and compliance risk, and through fostering a high degree of employee awareness of all security and compliance topics. To further enhance our team, we are looking for an experienced specialist to serve as Security Analyst Risk and Issue Management. This role will work collaboratively with cross-functional teams within Cybersecurity and across Technology to identify, analyze, document, and drive clear risk remediation activities to reduce systemic security risks. The ideal candidate will bring a blend of technical security and risk management expertise, along with strategic thinking to drive measurable improvements in our security posture. A day in the life: As the Security Analyst Risk and Issue Management for us, you will define, facilitate, coordinate, and track remediation action plans for security risks and issues. The effectiveness of this role will be measured through verified closure of open risks and issues, and demonstrated reduction in the organization’s security risk posture. Core responsibilities of this role are as follows: Lead and participate in targeted risk reduction initiatives across business units and technology domains Analyze complex systems, architectures, and processes to identify security vulnerabilities and systemic risks Collaborate with cross-functional teams to design and implement risk mitigation strategies Conduct root cause analysis of recurring security issues and propose remediation plans for sustainable solutions Support the development and refinement of GRC metrics and dashboards to track risk reduction progress Serve as a liaison between Cybersecurity and technology teams to ensure appropriate prioritization and alignment on risk remediation tasks Contribute to incident response post mortem activities to identify residual risk and develop risk mitigation strategies. This includes supporting root cause analysis (RCA) discussions to understand and document underlying issues, facilitating effective issue remediation. Remain current with emerging threats, vulnerabilities, and regulatory requirements Be an ambassador for the governance, risk and compliance security practice throughout the organization Qualifications: 5+ years experience in a cybersecurity function, preferably in a GRC, security engineering, or security risk management role Bachelor’s degree with focus on information technology, cybersecurity or technology audit preferred Experience with cybersecurity risk and compliance frameworks and practices (e.g. NIST-CSF, NIST-AI RMF, COBIT, ISO27001, Data Privacy regulations and frameworks) Proven track record in identifying and reducing systemic security risks in complex environments Experience working in or with security tiger teams, red/blue/purple teams, or similar high-impact security functions Strong understanding of enterprise IT systems and networks, cloud platforms, and security architectures Understanding of emerging AI/LLM technologies and related security risks Experience and passion for technical security risk identification and mitigation Ability to interact effectively with technical security stakeholders as well as non-technical business stakeholders to communicate and inform concepts pertaining to security risk Familiarity with ServiceNow GRC/IRM systems preferred Must have excellent analytical, communication, and project management skills Must be detail oriented and a self-starter Must be comfortable in a role that is dynamic and evolving Professional certification such as CISA, CISSP, CRISC, Security+, CDPSE is a plus Must haves: Acknowledges the presence of choice in every moment and takes personal responsibility for their life. Possesses an entrepreneurial spirit and continuously innovates to achieve great results. Communicates with honesty and kindness and creates the space for others to do the same. Leads with courage, knowing the possibility of greatness is bigger than the fear of failure. Fosters connection by putting people first and building trusting relationships. Integrates fun and joy as a way of being and working, aka doesn’t take themselves too seriously. Actively removes barriers to equity so that everyone feels a sense of belonging.