INFORMATION SECURITY RISK AND COMPLIANCE ANALYST

OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we’re as passionate about the outdoors as you are. And while our gear is available worldwide, we’re proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: “It’s perfect. Now make it better.” As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

ABOUT THE POSITION 
Although we’re an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear’s Digital Technology (CDT) group enables an IT infrastructure across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

Our company continues to evolve at a rapid clip, responding to external global dynamics as well as transforming our internal processes and systems to drive growth. In this environment of fast and significant change, it’s critical for our risk management and internal controls programs to keep pace. CSC’s IT Risk and Compliance team plays an important role in the design and operation of IT controls which mitigate risk and meet regulatory requirements consistently, effectively, and efficiently.

As Columbia Sportswear’s IT Risk and Compliance Analyst, you will be responsible for the day-to-day administration of the IT Risk and Compliance program. In this highly collaborative role, you’ll partner with diverse stakeholders (privacy, technical teams, control owners, internal auditors, external auditors, etc.) on a daily basis. You will also manage and assist with cross-functional projects, including the implementation and optimization of IT processes and controls.

HOW YOU’LL MAKE A DIFFERENCE 

• Provide subject matter expertise and coaching regarding IT risks and controls to the IT organization and its partners in the business and audit, with a focus on network and infrastructure security controls
• Partner with IT control owners to design and implement controls which address regulatory requirements and provide consistent, high quality, and auditable results
• Maintain PCI-DSS and SOX IT risk and control matrices as well as supporting control design documentation such as process flows, detailed work instructions, etc.
• Manage the assessment and remediation of PCI-DSS and SOX IT control deficiencies by performing root cause analysis, designing remediation plans, and updating control design documentation
• Support GIS management by acting as a liaison between auditors and IT control owners. Participate in control walkthroughs, assist in gathering audit evidence requests, and coordinate follow-up requests
• Obtain and review service organization control (SOC1 and SOC2) reports for relevant third parties, mapping them to Columbia IT controls and assessing control deficiencies
• Act as local administrator for Columbia’s compliance and audit management software, AuditBoard. Responsible for first line support, configuration, data maintenance, and user administration.

YOU ARE 

• A self-motivated and curious analyst. You can solve complex issues in terms of risk, process, and relationships.
• A structured and effective partner. Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
• Enterprise focused. You aren’t a siloed thinker, but consider impacts across regions, functions, and technologies.

• Relationship driven. You build rapport and support your team.
• A savvy and effective communicator. Whether in writing or verbally, you can clearly explain complex, sensitive information to colleagues without excessive jargon.

YOU HAVE 

• Bachelor’s degree in Management Information Systems, Computer Science, Cybersecurity, or a technically related field
• Minimum 5 years’ experience within a mid-size to large corporate environment(s)
• Applied experience with IT audits and/or compliance programs, including PCI-DSS compliance programs and assessments
• PCI-DSS (including PCIP, ISA, or QSA), CISA, CISM, CISSP or other relevant professional certifications desired
• Proven understanding of external and internal audit processes and ability to work effectively with auditors to research, interpret and resolve internal control and related audit issues
• Strong PC and systems skills with an aptitude for technical subjects and understanding of network and cloud technology environments, including Active Directory and Azure Active Directory

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we’ve been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who’s found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position’s scope and function in the company. 

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.