Information Security Risk Analyst

• Conduct information security risk assessments of technology assets and third-party vendors across all of Columbia's brands and regions
• Perform ongoing monitoring of third-party information security risks, including periodic reviews of service organization control reports (e.g., SOC2, ISO 27001) and other risk factors.

• Collaborate with InfoSec team and business units to assess, escalate and resolve identified security risks and issues
• Maintain an information security issue register, ensuring that issues are accurately documented and tracked throughout their lifecycle.

• Support GRC team members in meeting other information security governance, risk, and compliance obligations as needed.

• Self-Motivated and Curious: You are driven to understand the "why", you thoughtfully investigate complex issues and ask probing questions
• Structured and Reliable: Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
• Enterprise Focused: You aren’t a siloed thinker, but consider business impacts across regions, functions, and technologies.
• Relationship Driven: You build rapport and support your team and colleagues across functions
• Savvy and Effective Communicator: Whether in writing or verbally, you can clearly explain technical concepts and risks to colleagues without excessive jargon.

• Bachelor’s degree in a technical field or equivalent certifications/experience such as CISSP, CISA, CRISC, Sec+, or CC
• Minimum 3 years’ experience in GRC, risk management, or information security within mid-size to large corporate environment
• Strong PC and systems skills with aptitude for learning technical subjects.

Columbia Sportswear