Senior GRC Security Analyst
Location:
LAKE FOREST, IL, US
Company:
Grainger Businesses is a leading distributor serving over 4.5 million customers globally with a wide range of products and services.
Summary:
The Senior GRC Security Analyst will support data protection and compliance initiatives, ensuring effective risk management across the organization. Candidates should have a bachelor's degree and significant experience in information security and compliance.
Requirements:
Credentials: Bachelor’s degree in Information Systems or related degree
Experience: 5 years of experience in a Governance, Risk and Compliance program; 5 years of Information Security control and risk assessments; 5 years required of combined Information Technology and Information Security work experience.
Job Description:
The Grainger Information Security Governance Risk and Compliance (GRC) team is a critical function that ensures Grainger operates within an effective framework of accountability, integrity, and regulatory adherence. This team works cross-functionally to identify, assess, and manage risks while embedding compliance and governance best practices across business processes, technology, and strategy. GRC reports metrics from all of these functions to inform leadership decisions. The GRC team works closely with legal & privacy, internal audit, IT & product development, human resources, and business unit leadership teams.
We are seeking a detail-oriented and proactive Information Security & Compliance Analyst to support our data protection and compliance initiatives. The successful candidate will play a critical role in protecting sensitive information, monitoring and improving internal control effectiveness, managing security and compliance metrics, and overseeing the remediation of audit and control findings.
You will:
Data Loss Prevention (DLP)
- Implement, monitor, and fine-tune DLP technologies and policies to prevent unauthorized data access or exfiltration.
- Conduct regular reviews of DLP alerts and incidents, escalating as necessary.
- Collaborate with IT, Legal, and Business Units to classify data and define protection strategies.
- Maintain documentation related to DLP rules, use cases, and response procedures.
Internal Control Testing
- Perform periodic control assessments across IT and business functions to ensure compliance with internal policies, standards, and regulatory requirements (e.g., NIST CSF, CMMC, PCI, HIPAA).
- Document control testing procedures, evidence, and results in a consistent and audit-ready format.
- Assist in the development and enhancement of internal controls based on audit results and risk assessments.
- Coordinate with internal/external auditors and control owners during audits and assessments.
Metrics & Reporting Management
- Define, track, and report key performance indicators (KPIs) and key risk indicators (KRIs) related to security, compliance, and control activities.
- Create dashboards and reports to communicate trends, risks, and progress to stakeholders.
- Drive continuous improvement by analyzing metric data to identify gaps or areas of inefficiency.
Findings Management
- Maintain a centralized repository for audit, risk, and control findings.
- Collaborate with business units to develop and track corrective action plans.
- Monitor the timely remediation of findings and validate closure with supporting evidence.
- Provide regular updates to leadership on findings status and risk exposure.
Product & Project Compliance Reviews
- Conduct pre-launch and ongoing compliance reviews for new products, services, and internal projects.
- Partner with business, product, and technology teams to identify regulatory, operational, privacy, and security compliance requirements.
- Review project documentation (e.g., business requirements, design docs, testing results) to ensure compliance considerations are embedded.
You Have:
- Bachelor’s degree in Information Systems or related degree, or equivalent job experience
- 5 years of experience in a Governance, Risk and Compliance program
- 5 years of Information Security control and risk assessments
- 5 years required of combined Information Technology and Information Security work experience, with broad exposure to the following regulations and frameworks: PCI, HIPAA, NIST CSF, CMMC
- Demonstrated understanding of information security concepts
- Ability to quickly learn, become competent in, and effectively apply new skills
- Ability to prioritize and execute tasks in a complex environment for self and team members independently and effectively
We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.
We are committed to fostering an inclusive, accessible work environment, which includes providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one’s employment. Should you need a reasonable accommodation during the application and selection process, including, but not limited to, use of our website or any part of the application, interview, or hiring process, please advise us so that we can provide appropriate assistance.