Information Security Risk Analyst
Columbia Sportswear Company
Job Overview
Who's the hiring manager?
Sign up to PitchMeAI to discover the hiring manager's details for this job. We will also write them an intro email for you.
Job Description
About The Position
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
As an Information Security Risk Analyst, you will be responsible for the day-to-day operations of risk management functions within CDT's InfoSec GRC team. In this highly collaborative role, you’ll partner with diverse stakeholders including Procurement, Legal, and CDT to identify, assess, and respond to both internal and third-party security risks.
How You’ll Make a Difference
- Conduct information security risk assessments of technology assets and third-party vendors across all of Columbia's brands and regions
- Perform ongoing monitoring of third-party information security risks, including periodic reviews of service organization control reports (e.g., SOC2, ISO 27001) and other risk factors.
- Collaborate with InfoSec team and business units to assess, escalate and resolve identified security risks and issues
- Maintain an information security issue register, ensuring that issues are accurately documented and tracked throughout their lifecycle.
- Support GRC team members in meeting other information security governance, risk, and compliance obligations as needed.
YOU ARE
- Self-Motivated and Curious: You are driven to understand the "why", you thoughtfully investigate complex issues and ask probing questions
- Structured and Reliable: Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
- Enterprise Focused: You aren’t a siloed thinker, but consider business impacts across regions, functions, and technologies.
- Relationship Driven: You build rapport and support your team and colleagues across functions
- Savvy and Effective Communicator: Whether in writing or verbally, you can clearly explain technical concepts and risks to colleagues without excessive jargon.
YOU HAVE
- Bachelor’s degree in a technical field or equivalent certifications/experience such as CISSP, CISA, CRISC, Sec+, or CC
- Minimum 3 years’ experience in GRC, risk management, or information security within mid-size to large corporate environment
- Strong PC and systems skills with aptitude for learning technical subjects.
Key skills/competency
- Information Security Risk Analyst
- GRC
- Risk Management
- Information Security
- Third-Party Risk
- SOC2
- ISO 27001
- CISSP
- CISA
- CRISC
How to Get Hired at Columbia Sportswear Company
- Tailor your resume: Highlight your 3+ years of GRC/risk management experience and relevant certifications (CISSP, CISA, CRISC, Sec+, CC).
- Showcase your skills: Emphasize your ability to conduct risk assessments, monitor third-party vendors, and communicate technical concepts clearly.
- Understand the culture: Research Columbia Sportswear's focus on technology and customer experience to align your application with their values.
- Prepare for interviews: Be ready to discuss how you've identified, assessed, and resolved security risks in a corporate environment.
Frequently Asked Questions
Find answers to common questions about this job opportunity
Explore similar opportunities that match your background