Senior Security Analyst, GRC Operations

Grainger Businesses
Lake Forest, IL
Hybrid

About The Position

The Senior Security Analyst, GRC Operations is a senior individual contributor within Grainger’s Governance, Risk & Compliance Operations team. This role plays a critical part in managing, assessing, and continuously improving Grainger’s Security Governance Programs. The Senior Analyst is expected to provide subject‑matter expertise, operational leadership, and strategic execution across multiple GRC domains, ensuring that Grainger’s security posture aligns with regulatory expectations, industry best practices, and evolving business priorities. You will partner closely with other GRC, Security, IT, and Compliance teams, and business stakeholders, to evaluate risk, mature governance processes, and deliver clear, data‑driven insights to leadership.

Requirements

  • Bachelor’s degree or equivalent required
  • 3+ years’ experience in Information Security required
  • Demonstrated knowledge of cybersecurity and privacy regulations, risk management principles, and industry frameworks.
  • Hands‑on experience developing and maintaining metrics, KPIs, and dashboards to support governance and risk reporting.
  • Experience supporting or leading security governance assessments.
  • Strong written and verbal communication skills, with the ability to influence cross‑functional partners and engage executive stakeholders.
  • Highly organized, detail‑oriented, and capable of managing multiple priorities in a dynamic environment.
  • Proven ability to work independently while contributing effectively within a collaborative team environment.
  • Experience in project management, including planning, prioritization, dependency tracking, and driving initiatives to completion across cross‑functional teams in a dynamic environment.
  • Ongoing commitment to staying informed on cybersecurity trends, threat actors, and emerging best practices.

Responsibilities

  • Support the assessment and ongoing management of Grainger’s Security Governance Programs, with emphasis on Cloud, AI, and Data Governance.
  • Evaluate the effectiveness of existing security governance processes, identifying current-state gaps, risks, and opportunities for improvement aligned to frameworks such as NIST and ISO 27001 and global privacy regulations (HIPAA, GDPR).
  • Drive process, policy, and workflow improvements across GRC Operations, contributing to the standardization and strengthening of governance practices to improve accuracy, consistency, and operational efficiency.
  • Track identified risks, issues, and remediation activities through resolution, ensuring accountability, timely follow‑up, and clear communication of status, blockers, and outcomes to stakeholders.
  • Help maintain key GRC artifacts, including risk, controls, metrics, dashboards, and executive‑level reporting.
  • Partner with cross‑functional stakeholders to support compliance and regulatory requirements, including audit readiness and regulatory inquiries.
  • Translate complex security, risk, and compliance concepts into clear, concise communications tailored for both technical and non‑technical audiences, including senior leadership.
  • Strengthen security awareness and governance communications, reinforcing accountability, risk‑informed decision‑making, and organizational understanding of security responsibilities.
  • Maintain accurate documentation and evidence to support audits, internal reviews, and external regulatory engagements.
  • Coordinate and support GRC‑related initiatives and projects, including managing timelines, tracking action items, organizing deliverables, and communicating status and outcomes to stakeholders.
  • Monitor emerging cybersecurity threats and social engineering trends, proactively informing governance strategies and program enhancements.

Benefits

  • Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
  • 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
  • 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
  • Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
  • Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.