Grainger

Security Analyst - Risk

Posted 20 Hours Ago
Hybrid
Lake Forest, IL
68K-113K Annually
Mid level
The Security Analyst will assess, manage, and mitigate information security risks, evaluate security controls and collaborate with various stakeholders to document and report on risk management efforts.
The summary above was generated by AI
Work Location Type: Hybrid
Req Number 327126
About Grainger:
W.W. Grainger, Inc., is a leading broad line distributor with operations primarily in North America, Japan and the United Kingdom. At Grainger, We Keep the World Working® by serving more than 4.5 million customers worldwide with products and solutions delivered through innovative technology and deep customer relationships. Known for its commitment to service and award-winning culture, the Company had 2024 revenue of $17.2 billion across its two business models. In the High-Touch Solutions segment, Grainger offers approximately 2 million maintenance, repair and operating (MRO) products and services, including technical support and inventory management. In the Endless Assortment segment, Zoro.com offers customers access to more than 14 million products, and MonotaRO.com offers more than 24 million products. For more information, visit www.grainger.com.
Compensation:
The anticipated base pay compensation range for this position is $67,900.00 to $113,200.00.
This position is not eligible for any form of sponsorship now or in the future. Individuals requiring sponsorship (e.g. OPT or H1B visa status) should not apply. Only individuals authorized to work in the United States now and for the foreseeable future will be considered for this position.
Rewards and Benefits
With benefits starting on day one, our programs provide choice and flexibility to meet team members' individual needs, including:
  • Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
  • 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
  • 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
  • Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
  • Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.

For additional information and details regarding Grainger's benefits, please click on the link below:
https://experience100.ehr.com/grainger/Home/Tools-Resources/Key-Resources/New-Hire
The pay range provided above is not a guarantee of compensation. The range reflects the potential base pay for this role at the time of this posting based on the job grade for this position. Individual base pay compensation will depend, in part, on factors such as geographic work location and relevant experience and skills.
The anticipated compensation range described above is subject to change and the compensation ultimately paid may be higher or lower than the range described above.
Grainger reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion at any time, consistent with applicable law.
Position Details
The Information Security Risk Advisory professional supports the organization's efforts to identify, assess, and manage information security and technology risks. You will work closely with security, IT, business, and third-party stakeholders to evaluate security controls, assess risk exposure, and provide practical, risk-based recommendations that align with business objectives.
You will collaborate with internal audit, legal, privacy, and compliance teams to support audits, risk reporting, and ongoing monitoring activities. You will help translate technical security concepts into clear, actionable insights for stakeholders and contribute to the development and maintenance of risk documentation, metrics, and reporting.
You will
  • Perform information security risk assessments, control testing, and security reviews across systems, applications, and processes.
  • Support compliance efforts by assessing alignment with internal policies, regulatory requirements, and industry frameworks such as NIST CSF, PCI DSS 4.0, and related standards, and by assisting in the identification and tracking of remediation activities.
  • Contribute to third-party risk management activities, including reviewing vendor security documentation, conducting risk assessments, and supporting risk rating, issue tracking, and risk acceptance processes.
  • Support technology initiatives, such as new system implementations, cloud services, and process changes, by identifying potential risks and control gaps and advising on mitigation strategies.
  • Apply strong analytical and communication skills, attention to detail, and the ability to manage multiple priorities.
  • Work independently on assigned assessments while escalating complex risks as needed, contributing to continuous improvement of the organization's information security risk management program.

You have
  • Bachelor's degree in Information Security, Information Systems, Computer Science, Risk Management, or a related field, or equivalent practical experience
  • 2-4 years of experience in information security, technology risk, cybersecurity, GRC, internal audit, or risk advisory roles
  • Working knowledge of information security and risk frameworks such as NIST CSF, NIST 800-53, or similar standards
  • Experience conducting risk assessments, control reviews, and gap analyses across applications, infrastructure, cloud environments, or business processes
  • Familiarity with third-party and vendor risk management, including review of security questionnaires, SOC reports, and other assurance artifacts
  • Ability to document findings clearly and communicate technical risks in business-focused language
  • Experience supporting audits, regulatory examinations, or compliance initiatives in collaboration with internal audit, legal, and compliance teams
  • Strong analytical, organizational, and time-management skills with the ability to manage multiple assessments concurrently

Preferred
  • Relevant certifications such as CISA, CRISC, CISSP, or progress toward certification
  • Understanding of common security domains (e.g., access management, data protection, incident response, vulnerability management, network security)
  • Experience in regulated environments (financial services, healthcare, technology, or similar)
  • Exposure to cloud security concepts (AWS, Azure, GCP) and modern technology environments
  • Experience preparing risk metrics, dashboards, or management-level reporting

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.
We are committed to fostering an inclusive, accessible work environment that includes providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one's employment. Should you need a reasonable accommodation during the application and selection process, including, but not limited to, use of our website or any part of the application, interview or hiring process, please advise us so that we can provide appropriate assistance.

Top Skills

AWS
Azure
GCP
NIST CSF
PCI DSS 4.0

Grainger Chicago, Illinois, USA Office

In the heart of Chicago's River North neighborhood, Grainger's offices at theMART are walking distance from many transit stations and moments from the expressway. This prime location and open floor offices help team members collaborate and build the best solutions as they bring new ideas to life.

Product Team

At Grainger, team members are always experimenting and discovering new ways to use technology to connect maintenance, repair and operations (MRO) customers to the products they need to keep their business up and running and their people safe. “Working on the Grainger Product team means I get to solve mission critical issues that move the entire business forward,” says Dahlia Block, Software Engineer, Product and Platform Engineering. Ryan Chamberlin, Manager of Product Engineering, agrees, “Grainger is committed to continuous improvement and innovation, which creates exciting opportunities for employees to learn and grow.”

AI & Machine Learning Team

We are designing, delivering, and operating the digital experiences, tools, and information assets that solve customers’ problems. Our scale presents complex and interesting engineering challenges that are solved by technologists at the top of their game. Alan Cooney, Senior Manager of Applied Machine Learning, shares, “Over the past few years, we have integrated ML into many aspects of our customer interactions, all with a focus of making the experience better for our customers.” David Brenner, Director of Product Management, shared similar sentiments, stating, “Grainger’s purpose: We Keep The World Working® is apparent in the way we design, deliver, and operate digital experiences, tools, and information that solve customers’ needs.”
