Senior GRC Security Analyst

Work Location Type: Remote  

About Grainger:

W.W. Grainger, Inc., is a leading broad line distributor with operations primarily in North America, Japan and the United Kingdom. At Grainger, We Keep the World Working® by serving more than 4.5 million customers worldwide with products and solutions delivered through innovative technology and deep customer relationships. Known for its commitment to service and award-winning culture, the Company had 2024 revenue of $17.2 billion across its two business models. In the High-Touch Solutions segment, Grainger offers approximately 2 million maintenances, repair and operating (MRO) products and services, including technical support and inventory management. In the Endless Assortment segment, Zoro.com offers customers access to more than 14 million products, and MonotaRO.com offers more than 24 million products. For more information, visit www.grainger.com.  

Compensation:

The anticipated base pay compensation range for this position is $93,800.00  to $156,400.00.

Rewards and Benefits:

With benefits starting on day one, our programs provide choice and flexibility to meet team members' individual needs, including:

• Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
• 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
• 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
• Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
• Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.

For additional information and details regarding Grainger’s benefits, please click on the link below:

https://experience100.ehr.com/grainger/Home/Tools-Resources/Key-Resources/New-Hire

The pay range provided above is not a guarantee of compensation.  The range reflects the potential base pay for this role at the time of this posting based on the job grade for this position. Individual base pay compensation will depend, in part, on factors such as geographic work location and relevant experience and skills.   

The anticipated compensation range described above is subject to change and the compensation ultimately paid may be higher or lower than the range described above. 

Grainger reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion at any time, consistent with applicable law.  

Position Details:

The Grainger Information Security Governance Risk and Compliance (GRC) team is a critical function that ensures Grainger operates within an effective framework of accountability, integrity, and regulatory adherence. This team works cross-functionally to identify, assess, and manage risks while embedding compliance and governance best practices across business processes, technology, and strategy. GRC works to report out metrics of all functions for leadership decisions. The GRC team works closely with legal & privacy, internal audit, IT & product development, human resources, and business unit leadership teams.

We are seeking a detail-oriented and proactive Information Security & Compliance Analyst to support our data protection and compliance initiatives. The successful candidate will play a critical role in protecting sensitive information, monitoring and improving internal control effectiveness, managing security and compliance metrics, and overseeing the remediation of audit and control findings.

You will:

Data Loss Prevention (DLP)

• Implement, monitor, and fine-tune DLP technologies and policies to prevent unauthorized data access or exfiltration.
• Conduct regular reviews of DLP alerts and incidents, escalating as necessary.
• Collaborate with IT, Legal, and Business Units to classify data and define protection strategies.
• Maintain documentation related to DLP rules, use cases, and response procedures.

Internal Control Testing

• Perform periodic control assessments across IT and business functions to ensure compliance with internal policies, standards, and regulatory requirements (e.g., NIST CSF, CMMC, PCI, HIPAA).
• Document control testing procedures, evidence, and results in a consistent and audit-ready format.
• Assist in the development and enhancement of internal controls based on audit results and risk assessments.
• Coordinate with internal/external auditors and control owners during audits and assessments.

Metrics & Reporting Management

• Define, track, and report key performance indicators (KPIs) and key risk indicators (KRIs) related to security, compliance, and control activities.
• Create dashboards and reports to communicate trends, risks, and progress to stakeholders.
• Drive continuous improvement by analyzing metric data to identify gaps or areas of inefficiency.

Findings Management

• Maintain a centralized repository for audit, risk, and control findings.
• Collaborate with business units to develop and track corrective action plans.
• Monitor the timely remediation of findings and validate closure with supporting evidence.
• Provide regular updates to leadership on findings status and risk exposure.

Product & Project Compliance Reviews

• Conduct pre-launch and ongoing compliance reviews for new products, services, and internal projects.
• Partner with business, product, and technology teams to identify regulatory, operational, privacy, and security compliance requirements.
• Review project documentation (e.g., business requirements, design docs, testing results) to ensure compliance considerations are embedded.

You Have:

• Bachelor’s degree in Information Systems or related degree, or equivalent job experience
• 5 years of experience Governance Risk and Compliance program.
• 5 years Information Security Control and risk assessments
• 5 years required of combined Information Technology and Information Security work experience with a broad exposure to the following Regulations and Frameworks; PCI, HIPAA, NIST CSF, CMMC
• Demonstrates an understanding of information security concepts
• Ability to quickly learn, become competent in, and effectively apply new skills
• Ability to prioritize and execute tasks in a complex environment for self and team members independently and effectively

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.

We are committed to fostering an inclusive, accessible work environment that includes both providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one’s employment, should you need a reasonable accommodation during the application and selection process, including, but not limited to use of our website, any part of the application, interview or hiring process, please advise us so that we can provide appropriate assistance.