InfoSec GRC Analyst II

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we're as passionate about the outdoors as you are. And while our gear is available worldwide, we're proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: "It's perfect. Now make it better." As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

As an Information Security GRC Analyst, you will be responsible for the operations of regulatory compliance and risk management functions within CDT's InfoSec GRC team. In this highly collaborative role, you'll partner with diverse stakeholders (financial compliance, technical teams, control owners, internal auditors, external auditors, etc.) on a daily basis. You will also manage and assist with cross-functional projects, including the implementation and optimization of IT processes and controls and performing risk management tasks.

How you'll make a difference

• Provide subject matter expertise and coaching regarding IT risks and controls to the IT organization and its partners in the business and audit
• Partner with IT control owners to design and implement controls which address regulatory requirements and provide consistent, high quality, and auditable results
• Maintain SOX and PCI IT risk and control matrices as well as supporting control documentation such as process flows, detailed work instructions, self-assessments, etc.
• Support the assessment and remediation of SOX and PCI IT control deficiencies by performing root cause analysis, designing remediation plans, and updating control design documentation
• Support CDT management by acting as a liaison between auditors and IT control owners. Participate in control walkthroughs, assist in gathering audit evidence requests, and coordinate follow-up requests
• Obtain and review service organization control (SOC1 and SOC2) reports for relevant third parties, mapping them to Columbia IT controls and assessing control deficiencies
• Support Information Security risk management tasks including third party contract reviews, vendor monitoring, risk tracking, and issue remediation

You are

• A self-motivated and curious analyst. You can solve complex issues in terms of risk, process, and relationships.
• A structured and effective partner. Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
• Enterprise focused. You aren't a siloed thinker, but consider impacts across regions, functions, and technologies.
• Relationship driven. You build rapport and support your team.
• A savvy and effective communicator. Whether in writing or verbally, you can clearly explain complex, sensitive information to colleagues without excessive jargon.

You have

• Bachelor's degree in Business, Accounting, Management Information Systems, Computer Science or a technically related field
• Minimum 3 years' experience within a mid-size to large corporate environment(s)
• Applied experience with SOX IT audits and/or compliance programs. Additional experience with other regulatory frameworks including PCI preferred.
• CISA, CPA, CIA, CISM, CISSP or other relevant professional certifications desired
• Proven understanding of external and internal audit processes and ability to work effectively with auditors to research, interpret and resolve internal control and related audit issues
• Strong PC and systems skills with aptitude for technical subjects and understanding of ERP processing environments, particularly SAP and Microsoft Dynamics 365

#LI-JD1

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we've been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who's found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.