Information Security Analyst IV

Date: Apr 10, 2022

Location: LAKE FOREST, IL, US, 60045-5201

Company: Grainger Businesses

The Security Analyst IV protects Grainger information assets by establishing Information Security Governance, including maintaining Information Security Policies and Procedures, performing control and risk assessments and contract reviews, and coordinating internal and external audits and Regulatory assessments.

The role makes Information Security Governance available to the right teams at the right time, collaborating effectively across the organization and making smart decisions.

Principal Duties & Responsibilities

  • Collaborate with Enterprise partners (Legal, Privacy, Procurement, etc.) to establish and maintain the Information Security Governance Program.
  • Develop, maintain and continuously improve Information Security Policies and Procedures.
  • Perform initial, annual, and ad hoc control assessments for Vendors, Customers and Suppliers.
  • Perform initial and annual contract reviews for Vendors, Customers and Suppliers.
  • Act as an advisor and coordinate Regulatory assessments (PCI, HIPAA, SOX, NIST, CMMS) via internal and external audits
  • Identify process improvements
    • Policy Exception process
    • Risk acceptance and Authorization
  • Participate in the implementation of the Governance, Risk and Control tool
    • Strengthen Policy and Procedure Controls
    • Maintain Control Library
    • Assist with maintenance of the Risk Register
  • Participate in the Security Awareness program
  • Utilize existing workflow tools to ensure accuracy and efficiency
    • SharePoint
    • ServiceNow
    • OneTrust
    • JIRA
  • Gather data for team metrics to ensure accurate reporting of key Information Security Governance metrics for Grainger leadership and stakeholders
  • Maintain GRC data within GRC tool

Preferred Education & Experience

  • Bachelor’s degree in Information Systems or related degree, or equivalent job experience
  • 10+ years of experience in a Governance, Risk and Compliance program
  • 10+ years of experience with SDLC policies, standards and procedures
  • 10+ years of experience with Information Security Control and risk assessments
  • 10 or more years of combined Information Technology and Information Security work experience required, with broad exposure to the following Regulations and Frameworks: PCI, HIPAA, SOX, NIST, CMMS
  • Demonstrates an advanced understanding of information security concepts
  • Experience with GRC tools including OneTrust and ServiceNow
  • Ability to quickly learn, become competent in, and effectively apply new skills
  • Ability to prioritize and execute tasks in a complex environment for self and team members independently and effectively

Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.
