About the Role:Responsible for leading Cybersecurity and IT governance, risk, and compliance efforts, including the establishment and maintenance of IT operating model and facilitating the development of technology policies and standards.
- Maintain governance documentation detailing how information should be secured including the maintenance and development of internal process/procedure documentation including but are not limited to technology and cybersecurity policies and standards.
- Perform formal risk analysis and self-assessments for technology processes, leveraging industry frameworks/standards like NIST CSF, FFIEC, CIS, ITIL, and COBIT to build a unique program for Columbia Bank.
- Develop new and analyze existing internal technology and security controls, to ensure compliance with documented and approved standards and frameworks. Ensure that information systems within environment comply with company policies, standards, and procedures.
- Drive and provide advisory and subject-matter expertise to technology teams and business units for cybersecurity compliance readiness.
- Responsible for tracking and monitoring gaps in the cybersecurity program. Maintain cybersecurity gap analysis documents; gather necessary information from technology and lines of business to identify areas to improve banking practices.
- Manage end-to-end issue management activities, including intake, validation, prioritization, assignment, remediation tracking, and closure of GRC-related issues in ServiceNow, ensuring timely resolution, appropriate evidence, and alignment with audit, risk, and regulatory expectations.
- Coordinate SOX IT Audit activities, serving as the primary liaison between audit (internal/external) and technology stakeholders to manage request intake, scope clarification, evidence collection, review, submission, issue tracking, status reporting to leadership and timely resolution in support of audit deadlines and control effectiveness.
- Lead the process to identify new assets, perform the risk evaluation process to determine the risk ranking.
- Facilitate and liaise with technology leaders, key corporate risk groups (including Internal Audit, External Audit, Corporate Compliance, Enterprise Risk Management, Legal) to ensure TAG is aligned with these groups and meeting obligations.
- Demonstrates compliance with all bank regulations for assigned job function and applies to designated job responsibilities - knowledge may be gained through coursework and on-the-job training. Keeps up to date on regulation changes.
- Follows all Bank policies and procedures, compliance regulations, and completes all required annual or job-specific training.
- Maintain a working knowledge of Bank's written policies and procedures regarding Bank Secrecy Act, Regulation CC, Regulation E, Bank Security and other regulations as applicable to this job description.
- May be asked to coach, mentor, or train others and teach coursework as subject matter expert.
- Actively learns, demonstrates, and fosters the Columbia corporate culture in all actions and words.
- Takes personal initiative and is a positive example for others to emulate.
- Embraces our vision to become "Business Bank of Choice"
- May perform other duties as assigned.
About You:- Bachelor's Degree in computer science or equivalent (preferred)
- 7-10 years - of experience in or a combination of information security, IT audit, or information technology operations. (Required)
- ServiceNow IRM/GRC experience to design/optimize workflow, reporting and implementing new features
- Knowledge of risk management processes including internal audit and information security management. Experience evaluating controls relative to information security frameworks such as ISO 27002, NIST 800 series, or financial services regulatory frameworks such as the FFIEC IT booklets and Cybersecurity Assessment Tool (CAT).
- Knowledge of systems and network concepts including: access, authorization, configuration, and design.
- Demonstrated understanding of information security concepts including: encryption, access controls, network security, security operations, security architect, threat modeling and design.
- Knowledge of applicable regulatory requirements including PCI DSS, GLBA and HIPAA.
- Ability to operate in a cross-functional environment, build, and foster relationships with other departments and stakeholders.
- Ability to anticipate and respond to changing priorities and operate effectively in a dynamic demand-based environment, requiring extreme flexibility and responsiveness.
Travel Requirements
The pay range for this role is $80,051.00 - $165,000.00.
The pay rate for the selected candidate is dependent upon a variety of non-discriminatory factors including, but not limited to, job-related knowledge, skills, and experience, education, and geographic location. The role may be eligible for performance-based incentive compensation, and those details will be provided during the recruitment process.
Primary Location: Ability to work fully onsite at posted location(s).
9285 NE Tanasbourne Drive Hillsboro OR 97124
Our Benefits:We are proud to offer a competitive total rewards package including base wages and comprehensive benefits.
We offer eligible associates comprehensive healthcare coverage (medical, dental, and vision plans), a 401(k)-retirement savings plan with employer match for qualifying associate contributions, an employee assistance program, life insurance, disability insurance, tuition assistance, mental health resources, identity theft protection, legal support, auto and home insurance, pet insurance, access to an online discount marketplace, and paid vacation, sick days, volunteer days, and holidays. Benefit eligibility begins the first day of the month following the date of hire for associates who are regularly scheduled to work at least thirty hours weekly.
