Manager, Information Security - Risk Management

Work Location Type: Hybrid
Req Number 327250
About Grainger
W.W. Grainger, Inc., is a leading broad line distributor with operations primarily in North America, Japan and the United Kingdom. At Grainger, We Keep the World Working® by serving more than 4.5 million customers worldwide with products and solutions delivered through innovative technology and deep customer relationships. Known for its commitment to service and award-winning culture, the Company had 2024 revenue of $17.2 billion across its two business models. In the High-Touch Solutions segment, Grainger offers approximately 2 million maintenance, repair and operating (MRO) products and services, including technical support and inventory management. In the Endless Assortment segment, Zoro.com offers customers access to more than 14 million products, and MonotaRO.com offers more than 24 million products. For more information, visit www.grainger.com.
Compensation
The anticipated base pay compensation range for this position is $123,000.00 to $205,100.00.
"This position is not eligible for any form of sponsorship now or in the future. Individuals requiring sponsorship (e.g. OPT or H1B visa status) should not apply. Only individuals authorized to work in the United States now and for the foreseeable future will be considered for this position."
Rewards and Benefits
With benefits starting on day one, our programs provide choice and flexibility to meet team members' individual needs, including:

• Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
• 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
• 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
• Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
• Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.

For additional information and details regarding Grainger's benefits, please click on the link below:
https://experience100.ehr.com/grainger/Home/Tools-Resources/Key-Resources/New-Hire
The pay range provided above is not a guarantee of compensation. The range reflects the potential base pay for this role at the time of this posting based on the job grade for this position. Individual base pay compensation will depend, in part, on factors such as geographic work location and relevant experience and skills.
The anticipated compensation range described above is subject to change and the compensation ultimately paid may be higher or lower than the range described above.
Grainger reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion at any time, consistent with applicable law.
Position Details
The Manager of Security Risk serves the essential function of bringing clarity, transparency, and relevance to the otherwise daunting experience associated with security controls, risk management, policies, standards, and assessments.
As a collaborative partner to stakeholders and a motivating leader to the team, this role aims to drive simplicity, automation, and effectiveness to the overall Information Security program.
You will

• Lead the Information Security Risk team in alignment with security strategy and regulatory or legal obligations.
• Manage and execute the security risk program in collaboration with Information Security teams and stakeholders.
• Management, alignment, mapping, continuous improvement of internal security controls framework and control owner relationships in conjuction with the compliance team.
• Integration expertise of vendor risk reviews, control exceptions, risk assessments, or security control requirement services.
• Subject Matter Expert to stakeholders and team in relation to the spirit of controls, associated security framework or regulation, and alignment to information security.
• Ensuring hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Grainger's strategic needs.
• Monitor external developments that may impact overall risk profiles, including emerging threats, technological developments, regulatory changes, etc.
• Manage the intake of third parties through the risk evaluation process to determine risk levels and priorites of vendors and mitigating any residual risks and/or risk acceptances.
• Report key operational, and program metrics designed to provide transparency of key attributes such as compliance readiness, security framework alignment, program maturity and operations.

You have

• Experience in managing regulatory, legal, and/or Information Security frameworks and obligations.
• Comprehensive understanding of the spirit behind controls and their respective frameworks, regulations, or laws
• Experience in working with control owners to establish accountability, awareness, rationale, and relevance.
• Previous Risk Management experience preferred, with an emphasis on alignment to corporate risk appetite within the Cybersecurity discipline.
• One or more years of IT people management experience, preferably in Information Security
• Written and verbal communication skills.
• Ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
• Skills in financial/budget management, scheduling and resource management.

Preferred

• A degree in Engineering, Information Technology, Computer Science, Risk Management, or Audit Practices is preferred.
• Professional management certification in a related field such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials preferred
• Experience in building, training, and developing a high-performing team.
• Knowledge of information risk management, cybersecurity and IT compliance technologies.
• Knowledge of relevant legal and regulatory requirements.
• Six or more years of relevant work experience in a combination of risk management, information security and technology.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.
We are committed to fostering an inclusive, accessible work environment that includes both providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one's employment, should you need a reasonable accommodation during the application and selection process, including, but not limited to use of our website, any part of the application, interview or hiring process, please advise us so that we can provide appropriate assistance.