Risk Operations

About The Position

Requirements

• 2+ years of doing something hard. This could be in consulting, technical operations, software engineering, or any role where you had to make sense of a complex system, improve it, and get others to adopt the change. Prior risk experience is not required - we’ll teach you the domain.
• You get up to speed fast. You’re the person who can be handed an unfamiliar problem, spend a week understanding it, and come back with a point of view.
• You have an optimization instinct. When you see a manual process, your first question is "could this be automated?" and you have the skills to actually build the tooling necessary to make that happen. You've automated meaningful pieces of your own job before.
• Technical fluency is no problem for you. You’re comfortable in the terminal, writing or modifying Python, Go, Apps Script code. Querying databases with SQL, working with APIs, and reasoning about systems is familiar territory. You can speak the same language as our engineering team and ask thoughtful questions to help yourself understand our environment.
• Written communication is a strong suit. You can take a vague alert, messy vendor review, or unclear audit finding and turn it into a well-articulated response memo, policy update, or control narrative that holds up under scrutiny from auditors and regulators.
• Your projects are hyper-organized. You’re comfortable juggling multiple concurrent workstreams across stakeholders with varying priorities, surfacing tradeoffs early, getting people to commit to a shared goal, and knowing when something needs to be escalated vs. decided in the moment.

Responsibilities

• Plug into whichever Risk program needs the most support at a given moment - third-party risk management, information security, model risk, privacy, financial, operational, etc. - and figure out what’s broken, slow, or missing.
• Learn each program from the ground up - understand what it’s actually protecting against, how it works in practice, and where the gaps are. Then re-design it so it’s faster and more consistent.
• Build the tooling that makes the next version of a process possible - scripts, internal dashboards, AI-assisted review workflows, system integrations.
• Support third-party diligence and monitoring, helping assess vendor/supplier risk and turning your findings into concrete remediation steps.
• Help design business continuity and disaster recovery (BC/DR) exercises that test how Column and its partners actually respond when things go wrong.
• Take our privacy program to the next level, and make sure privacy considerations are part of the way we diligence prospective customers from the start.

Benefits

• Comprehensive health, dental, and vision plans, including options that are 100% covered by Column for you and 50% covered for your dependents
• FSA and HSA account options to enable use of pre-tax money for medical and dependent care expenses
• 401k plan, including self-directed brokerage options
• Flexible time-off policy - take the time off that you want and need to relax and recharge
• 100% paid parental leave, including 16 weeks for birth mothers, 12 weeks for primary caregivers, and 8 weeks for secondary caregivers
• Catered lunches and dinners for SF employees
• Commuter benefits
• Regular team building events, including annual offsite