
Information Security Risk Analyst
Columbia Sportswear Company · Bengaluru, Karnataka, India
- On site
- Full-time
- $95,000 / year
Job highlights
- Manage daily risk operations in the InfoSec GRC team.
- Assess internal and third-party security risks.
- Monitor vendor risks and review control reports.
- Collaborate to resolve security issues.
- Maintain information security issue register.
About the role
About The Position
Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.
As an Information Security Risk Analyst, you will be responsible for the day-to-day operations of risk management functions within CDT's InfoSec GRC team. In this highly collaborative role, you’ll partner with diverse stakeholders including Procurement, Legal, and CDT to identify, assess, and respond to both internal and third-party security risks.
How You’ll Make a Difference
- Conduct information security risk assessments of technology assets and third-party vendors across all of Columbia's brands and regions.
- Perform ongoing monitoring of third-party information security risks, including periodic reviews of service organization control reports (e.g., SOC2, ISO 27001) and other risk factors.
- Collaborate with the InfoSec team and business units to assess, escalate, and resolve identified security risks and issues.
- Maintain an information security issue register, ensuring that issues are accurately documented and tracked throughout their lifecycle.
- Support GRC team members in meeting other information security governance, risk, and compliance obligations as needed.
YOU ARE
- Self-Motivated and Curious: You are driven to understand the "why"; you thoughtfully investigate complex issues and ask probing questions.
- Structured and Reliable: Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
- Enterprise Focused: You aren’t a siloed thinker, but consider business impacts across regions, functions, and technologies.
- Relationship Driven: You build rapport and support your team and colleagues across functions.
- Savvy and Effective Communicator: Whether in writing or verbally, you can clearly explain technical concepts and risks to colleagues without excessive jargon.
YOU HAVE
- Bachelor’s degree in a technical field or equivalent certifications/experience such as CISSP, CISA, CRISC, Sec+, or CC.
- Minimum 3 years’ experience in GRC, risk management, or information security within a mid-size to large corporate environment.
- Strong PC and systems skills with aptitude for learning technical subjects.
Skills & topics
- Information Security Risk Analyst
- GRC
- Risk Management
- Information Security
- Third-Party Risk
- SOC2
- ISO 27001
- CISSP
- CISA
- CRISC
- Cybersecurity
- IT Risk
- Compliance
- Security Assessment
- Vendor Risk Management
How to get hired
- Tailor your resume: Highlight your 3+ years of GRC/risk management experience and relevant certifications (CISSP, CISA, CRISC, Sec+, CC).
- Showcase your skills: Emphasize your ability to conduct risk assessments, monitor third-party vendors, and communicate technical concepts clearly.
- Understand the culture: Research Columbia Sportswear's focus on technology and customer experience to align your application with their values.
- Prepare for interviews: Be ready to discuss how you've identified, assessed, and resolved security risks in a corporate environment.
Frequently asked questions
- What are the key responsibilities for an Information Security Risk Analyst at Columbia Sportswear?
- As an Information Security Risk Analyst at Columbia Sportswear, your key responsibilities include conducting risk assessments, monitoring third-party vendor risks, maintaining an issue register, and collaborating with various teams to identify and resolve security risks. You will be an integral part of the InfoSec GRC team.
- What qualifications are required for the Information Security Risk Analyst role at Columbia Sportswear?
- Columbia Sportswear requires a Bachelor's degree in a technical field or equivalent certifications/experience such as CISSP, CISA, CRISC, Sec+, or CC. A minimum of 3 years of experience in GRC, risk management, or information security within a mid-size to large corporate environment is also necessary.
- Is this Information Security Risk Analyst position remote or hybrid at Columbia Sportswear?
- The job description indicates this is a #Hybrid role, meaning you will be expected to work from the office some days and remotely on others. Specific details about the hybrid schedule would typically be discussed during the interview process.
- What kind of communication skills are important for an Information Security Risk Analyst at Columbia Sportswear?
- Columbia Sportswear values 'Savvy and Effective Communicators.' This means you should be able to clearly explain technical concepts and risks to colleagues, both verbally and in writing, without excessive jargon. Collaboration is key in this role.
- How does Columbia Sportswear approach technology within their apparel and footwear company?
- While Columbia Sportswear is known for apparel and footwear, they emphasize that technology is central to their operations. Their Digital Technology (CDT) organization supports global brands, supply chains, and stores, focusing on enhancing customer interface and service through various platforms.