Senior Security Analyst, GRC Operations

Work Location Type:Hybrid

Req Number 327853

About Grainger

W.W. Grainger, Inc., is a leading broad line distributor with operations primarily in North America, Japan and the United Kingdom. At Grainger, We Keep the World Working by serving more than 4.5 million customers worldwide with products and solutions delivered through innovative technology and deep customer relationships. Known for its commitment to service and award-winning culture, the Company had 2024 revenue of $17.2 billion across its two business models. In the High-Touch Solutions segment, Grainger offers approximately 2 million maintenance, repair and operating (MRO) products and services, including technical support and inventory management. In the Endless Assortment segment,Zoro.comoffers customers access to more than 14 million products, andMonotaRO.comoffers more than 24 million products. For more information, visitwww.grainger.com.

Compensation

The anticipated base pay compensation range for this position is$95,900.00 to$159,800.00.

This position is not eligible for any form of sponsorship now or in the future. Individuals requiring sponsorship (e.g. OPT or H1Bvisastatus) should not apply. Only individuals authorized to work in the United States now and for the foreseeable future will be considered for this position.

Rewards and Benefits

With benefits starting on day one, our programs provide choice and flexibility to meet team members' individual needs, including:

• Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
• 18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
• 6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
• Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
• Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.

For additional information and details regarding Grainger's benefits, please click on the link below:

https://experience100.ehr.com/grainger/Home/Tools-Resources/Key-Resources/New-Hire

The pay range provided above is not a guarantee of compensation. The range reflects the potential base pay for this role at the time of this posting based on the job grade for this position. Individual base pay compensation will depend, in part, on factors such as geographic work location and relevant experience and skills.

The anticipated compensation range described above is subject to change and the compensation ultimately paid may be higher or lower than the range described above.

Grainger reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion at any time, consistent with applicable law.

Position Details

The Senior Security Analyst , GRC Operations is a senior individual contributor within Grainger's Governance, Risk & Compliance Operations team. This role plays a critical part in managing, assessing, and continuously improving Grainger's Security Governance Programs.

The Senior Analyst is expected to provide subjectmatter expertise, operational leadership, and strategic execution across multiple GRC domains, ensuring that Grainger's security posture aligns with regulatory expectations, industry best practices, and evolving business priorities. You will partner closely with other GRC, Security, IT, and Compliance teams, and business stakeholders, to evaluate risk, mature governance processes, and deliver clear, datadriven insights to leadership.

You will

• Support the assessment and ongoing management of Grainger's Security Governance Programs, with emphasis on Cloud, AI, and Data Governance.
• Evaluate the effectiveness of existing security governance processes, identifying current-state gaps, risks, and opportunities for improvement aligned to frameworks such as NIST and ISO 27001 and global privacy regulations (HIPAA, GDPR).
• Drive process, policy, and workflow improvements across GRC Operations, contributing to the standardization and strengthening of governance practices to improve accuracy, consistency, and operational efficiency.
• Track identified risks, issues, and remediation activities through resolution, ensuring accountability, timely followup, and clear communication of status, blockers, and outcomes to stakeholders.
• Help maintain key GRC artifacts, including risk, controls, metrics, dashboards, and executivelevel reporting.
• Partner with crossfunctional stakeholders to support compliance and regulatory requirements, including audit readiness and regulatory inquiries.
• Translate complex security, risk, and compliance concepts into clear, concise communications tailored for both technical and nontechnical audiences, including senior leadership.
• Strengthen security awareness and governance communications, reinforcing accountability, riskinformed decisionmaking, and organizational understanding of security responsibilities.
• Maintain accurate documentation and evidence to support audits, internal reviews, and external regulatory engagements.
• Coordinate and support GRCrelated initiatives and projects, including managing timelines, tracking action items, organizing deliverables, and communicating status and outcomes to stakeholders.
• Monitor emerging cybersecurity threats and social engineering trends, proactively informing governance strategies and program enhancements.

You have

• Bachelor's degree or equivalent required required
• 3+ years' Experience in Information Security required
• Demonstrated knowledge of cybersecurity and privacy regulations, risk management principles, and industry frameworks.
• Handson experience developing and maintaining metrics, KPIs, and dashboards to support governance and risk reporting.
• Experience supporting or leading security governance assessments.
• Strong written and verbal communication skills, with the ability to influence crossfunctional partners and engage executive stakeholders.
• Highly organized, detailoriented, and capable of managing multiple priorities in a dynamic environment.
• Proven ability to work independently while contributing effectively within a collaborative team environment.
• Experience in project management, including planning, prioritization, dependency tracking, and driving initiatives to completion across crossfunctional teams in a dynamic environment.
• Ongoing commitment to staying informed oncybersecurity trends, threat actors, and emerging best practices.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex (including pregnancy), national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, protected veteran status or any other protected characteristic under federal, state, or local law. We are proud to be an equal opportunity workplace.

We are committed to fostering an inclusive, accessible work environment that includes both providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one's employment, should you need a reasonable accommodation during the application and selection process, including, but not limited to use of our website, any part of the application, interview or hiring process, please advise us so that we can provide appropriate assistance.