Risk & Compliance Analyst II

Chicago

This position drives compliance of global business units with Grainger’s Global Risk Management and Compliance activities in alignment with Grainger’s IT Risk Management and Compliance Program. The team member will assess processes to identify gaps in business processes and controls, and assist in designing and documenting processes that address those gaps in order to drive compliance in alignment with the risk management framework. Additional responsibilities include design, implementation and facilitation of the Risk Metrics and Measures and the Security Awareness programs.

Principal Duties & Responsibilities: 

  • Works with business teams across the global organization to execute the ES Compliance and Risk Management program framework, extending processes as necessary to help business partners identify information risk and manage mitigation to an acceptable level
  • Provides inputs to global risk management processes in developing controls needed for the mitigation of risk for business processes which are not compliant with information security and risk frameworks
  • Leads other team members within the Risk and Compliance organization in assessing risk, developing appropriate controls and advising on creation of action plans to address gaps.
  • Collaboratively works to influence and socialize ES strategies, standards, policies, procedures, communications and governance.
  • Provides guidance with respect to needed changes to established IT Security policies based on day-to-day interactions with Grainger businesses.
  • Serves as subject matter expert in providing advice to global business units regarding compliance with applicable frameworks including ISO 27001, NIST Cybersecurity Framework (CSF), Cloud Controls Matrix (CCM) and standards including the Payment Card Industry Data Security Standard (PCI DSS) as well as other frameworks and standards as required.
  • Takes actions as directed to ensure business awareness of Data Privacy guidance, including the General Data Protection Regulation (GDPR), and appropriate engagement of Data Privacy office, as needed.
  • Provides advice to global business units on actions needed to align business requirements with relevant global security frameworks, standards, policies, and procedures.
  • Proactively provides relevant inputs to the global risk framework based on the latest government and industry information regarding new threats and vulnerabilities, and communicates relevant information to appropriate teams, soliciting action plans if needed.
  • Coordinates deployment and measurement of security awareness efforts across Grainger global business units
  • Works closely with global business, contract and legal teams to assess proposed terms and conditions, align with appropriate risk profile and provide feedback on changes needed.
  • Monitors and manages ES risk register to ensure that all business risks are accurately represented and actively managed.
  • Aligns individual goals to Risk and Compliance team goals with S.M.A.R.T. objectives
  • Recognizes opportunities to balance risk and creativity in quickly responding to business opportunities

Preferred Education & Experience:

  • CISSP (Certified Information Systems Security Professional) certification or candidate for certification required
  • CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CIPP (Certified Information Privacy Professional) certifications helpful, but not required
  • Experience working with ISO 27001 (or similar) security framework, PCI DSS and CSA CCM standards in an operational IT environment required
  • Experience applying other security frameworks (e.g., CSF, COBIT), laws and standards (e.g., Sarbanes-Oxley, GDPR, HIPAA) helpful, but not required
  • Working experience with IT Security risk frameworks such as ISO 27005, OCTAVE, FAIR, NIST RMF very helpful
  • Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) very helpful
  • Working knowledge of compliance tools such as the Unified Compliance Framework (UCF) Common Controls Hub (CCH) helpful, but not required
  • Must be able to work in a collaborative team environment with individuals at appropriate levels of the Company
  • Effective negotiation skills
  • Good verbal and written communication, facilitation, and interpersonal skills

“Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, disability, or protected veteran status.”

 


Technology we use

  • Engineering
    • Languages: Golang, Java, JavaScript, Python, SQL
    • Libraries: jQuery, jQuery UI, React
    • Frameworks: AngularJS, Backbone.js, Hadoop, Node.js, Spring
    • Databases: Cassandra, MongoDB, MySQL, Neo4j, Oracle, PostgreSQL, Redis, SAP HANA, Teradata

Location

The Ogilvie Train Station has its perks, with Metra in the building and the L 5 blocks away. You can get to the French Market without stepping outside.

What are Grainger Perks + Benefits

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability Insurance
  • Dental Benefits
  • Vision Benefits
  • Health Insurance Benefits
  • Life Insurance
  • Pet Insurance
  • Onsite Gym: Onsite gyms available in various facilities including corporate HQ and some field offices.

Retirement & Stock Options Benefits

  • 401(K): The company contributes 3% to a 401(k) Plan each pay period as part of an annual Profit Sharing contribution up to a 12% total target if goals are met. Eligibility requirements apply.
  • Employee Stock Purchase Plan
  • Performance Bonus

Child Care & Parental Leave Benefits

  • Generous Parental Leave
  • Flexible Work Schedule
  • Remote Work Program
  • Family Medical Leave
  • Adoption Assistance: Grainger supports team members and their families who are in the process of adopting by reimbursing up to $6,000 per adoption for eligible expenses.

Vacation & Time Off Benefits

  • Generous PTO
  • Paid Holidays

Perks & Discounts

  • Casual Dress
  • Commuter Benefits
  • Company Outings
  • Stocked Kitchen: Beverages and coffee on demand in our downtown locations.

Professional Development Benefits

  • Job Training & Conferences
  • Tuition Reimbursement

Diversity Program