OUTGROWN YOUR OWN BACKYARD? COME PLAY IN OURS.

At Columbia, we're as passionate about the outdoors as you are. And while our gear is available worldwide, we're proud to be based in the Pacific Northwest, where natural wonders are our playground.

Every product we make and every task we undertake is inspired by the famous words of our founder Gert Boyle: "It's perfect. Now make it better." As pioneers of relentless improvement, we are constantly evolving.

We believe the outdoors is ours to protect and strive to keep our planet healthy. We believe in empowering people to experience the outdoors to the fullest.

And we believe in you.

Although we're an apparel and footwear-focused company, technology is central to everything we do. Columbia Sportswear's Digital Technology (CDT) group enables an IT infrastructure and applications across four global brands, a global supply chain, and 500+ geographically dispersed stores. These teams support in-store, mobile, and data platforms to enhance customer interface and service in an ever-evolving industry.

The InfoSec Risk Program Manager is member of the CDT InfoSec GRC organization. You will be responsible for the methodology and day-to-day administration of our Information Security Risk Management programs, including third party risk. In this highly collaborative role, you'll partner with diverse stakeholders including Procurement, Legal, and CDT to identify and manage internal and third party security risks.

How you'll make a difference

• Provide subject matter expertise and coaching regarding IT risk management and controls to the CDT organization and its business partners
• Design and implement Information Security risk assessment standards and methodology for both internal and third party resources
• Coordinate with Procurement, Legal, and other business units to ensure that Information Security standards are met when contracting new vendors
• Maintain an Information Security risk register
• Perform ongoing monitoring of vendor security compliance, including reviews of service organization control reports (i.e. SOC1, SOC2, ISO 27001) and third party security monitoring services (e.g. BitSight, SecurityScorecard, UpGuard)
• Collaborate with InfoSec team and business units to escalate and resolve identified security issues and control deficiencies
• Support GRC team members in meeting regulatory compliance obligations related to PCI, SOX, etc. as needed

You are

• A self-motivated and curious analyst. You can solve complex issues in terms of risk, process, and relationships.
• A structured and effective partner. Whether alone or collaborating, you guide the successful completion of both projects and day-to-day activities.
• Enterprise focused. You aren't a siloed thinker, but consider impacts across regions, functions, and technologies.
• Relationship driven. You build rapport and support your team.
• A savvy and effective communicator. Whether in writing or verbally, you can clearly explain complex, sensitive information to colleagues without excessive jargon.

You have

• Bachelor's degree in a technical field or equivalent certifications/experience such as PCIP, CISA, CISM, CRISC, CISSP
• Minimum 8 years of experience with IT audits and/or governance, risk, and compliance programs
• Proven ability to administer risk management programs and communicate risks and issues to various technical and business stakeholders
• Strong PC and systems skills with aptitude for technical subjects and understanding of network and multi-cloud technology environments

#LI-JD1

Columbia Sportswear Company and our portfolio of brands, including Columbia, SOREL, Mountain Hardwear and prAna, know a thing or two about adventures. After all, we've been on one since 1938, working to perfect the art of enjoying the outdoors. Behind everything we make is an employee who's found that the greatest adventure starts with joining a company that strives to do the right thing.

This job description is not meant to be an all-inclusive list of duties and responsibilities, but constitutes a general definition of the position's scope and function in the company.

At Columbia Sportswear Company (CSC), we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, military and veteran status, and any other characteristic protected by applicable law. CSC believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool. All employment is decided on the basis of qualifications, merit, and business need.