Enterprise Technology Risk Analyst

Summary: The Enterprise Technology Risk Analyst identifies, assesses, and monitors technology risks across the organization. The role provides second-line oversight and independent challenge, helps maintain compliance with regulatory and industry standards, and strengthens the company’s overall security posture. You will work cross-functionally to execute risk assessments, maintain continuous monitoring, track issues and exceptions, and prepare clear reporting for management and committees.

Job Responsibilities:

Risk Assessment and Control Assurance

• Perform technology risk assessments to identify vulnerabilities and threats.
• Evaluate the effectiveness of controls, document results, and recommend improvements.
  
  

Continuous Technology Monitoring and Reporting

• Maintain and improve technology risk indicators and control monitoring routines.
• Monitor and report on technology risk metrics and performance indicators.
• Compile assessment findings and produce dashboards, reports, and presentations for management and stakeholders.
  
  

Compliance and ISMS Maintenance

• Maintain the process, risk, and control library.
• Update policies, standards, and procedures aligned to ISO 27001.
• Support audits and regulatory examinations with timely evidence and responses.
  
  

Technology Risk Monitoring and Reporting

• Provide second-line challenge on projects, changes, and new technologies.
• Contribute to materials for risk committees and senior management updates.
  
  

Issue & Exception Management

• Log and track risk exceptions and issues, including documentation of mitigation plans.
• Monitor status, escalate delays, and verify remediation effectiveness.
• Performs other job-related duties as assigned.
  
  

Other Responsibilities

• Performs other job-related duties as assigned.
  
  

Job Requirements:

• Bachelor’s degree (or Associate’s with equivalent experience) in Information Technology, Cybersecurity, Risk Management, or related field.
• 2 years of experience in IT risk management, internal/external audit, ITGC testing, or control assurance.
• Working knowledge of regulatory and industry frameworks (e.g., ISO 27001 & 27002, NIST CSF, Cyber Risk Institute Profile).
• Strong analytical, writing, and problem-solving skills.
• Effective communication and collaboration across first, second, and third lines.
  
  

Preferred

• Professional certifications such as CISSP, CISM, or CRISC are preferred.
  
  

Columbia Bank offers the following benefits:

• Medical, Dental, Vision and Rx which are contributory.
• Bonus programs.
• Employee Stock Option Program (ESOP).
• Life Insurance, Long Term Disability and Accidental Death and Dismemberment (LTD&AD&D).
• Paid Time Off (PTO) which includes Personal and Vacation Time.
• Paid Sick Time.
• Bank Holidays.
• Employees may participate in the 401k program.
  
  

Schedule:

This role is eligible for a hybrid schedule; 3 days in the office and 2 days work from home based on business need.

Columbia Bank and its affiliates is an Equal Opportunity Employer, including individuals with disabilities and veterans.