Information Security Risk Analyst

ABOUT THE POSITION

Although were an apparel and footwear-focused company technology is central to everything we do. Columbia Sportswears Digital Technology (CDT) organization enables IT infrastructure and applications across four global brands a global supply chain and 500 geographically dispersed stores. These teams support in-store mobile and data platforms to enhance customer interface and service in an ever-evolving industry.

As an Information Security Risk Analyst you will be responsible for the day-to-day operations of risk management functions within CDTs InfoSec GRC this highly collaborative role youll partner with diverse stakeholders including Procurement Legal and CDT to identify assess and respond to both internal and third-party security risks.

HOW YOULL MAKE A DIFFERENCE

• Conduct information security risk assessments of technology assets and third-party vendors across all of Columbias brands and regions
• Perform ongoing monitoring of third-party information security risks including periodic reviews of service organization control reports (e.g. SOC2 ISO 27001) and other risk factors.

• Collaborate with InfoSec team and business units to assess escalate and resolve identified security risks and issues
• Maintain an information security issue register ensuring that issues are accurately documented and tracked throughout their lifecycle.

• Support GRC team members in meeting other information security governance risk and compliance obligations as needed.

YOU ARE

• Self-Motivated and Curious: You are driven to understand the why you thoughtfully investigate complex issues and ask probing questions
• Structured and Reliable: Whether alone or collaborating you guide the successful completion of both projects and day-to-day activities.
• Enterprise Focused: You arent a siloed thinker but consider business impacts across regions functions and technologies.
• Relationship Driven: You build rapport and support your team and colleagues across functions
• Savvy and Effective Communicator: Whether in writing or verbally you can clearly explain technical concepts and risks to colleagues without excessive jargon.

YOU HAVE

• Bachelors degree in a technical field or equivalent certifications/experience such as CISSP CISA CRISC Sec or CC
• Minimum 3 years experience in GRC risk management or information security within mid-size to large corporate environment
• Strong PC and systems skills with aptitude for learning technical subjects.

#LI-SA1

#Hybrid

This job description is not meant to be an all-inclusive list of duties and responsibilities but constitutes a general definition of the positions scope and function in the company.