Information Security Analyst II

Date: Jan 13, 2022

Location: LAKE FOREST, IL, US, 60045-5201; CHICAGO, IL, US, 60603-4013

Company: Grainger Businesses

The Security Analyst II protects Grainger information assets by establishing Information Security Governance, including assisting with the maintenance of Information Security Policies and Procedures, performing control and risk assessments, and coordinating internal and external audits and Regulatory assessments.


The role involves making Information Security Governance available to the right teams at the right time, effectively collaborating across the organization, and making smart decisions.


Principal Duties & Responsibilities

  • Collaborate with Enterprise partners (Legal, Privacy, Procurement, etc.) to establish and maintain the Information Security Governance Program.
  • Maintain Information Security Policies and Procedures.
  • Coordinate and assist with initial, annual, and ad hoc control and risk assessments for Vendors, Customers and Suppliers.
  • Coordinate and assist with initial and annual contract reviews for Vendors, Customers and Suppliers.
  • Coordinate Regulatory assessments for PCI, HIPAA, SOX, NIST, CMMS via internal and external audits.
  • Identify process improvements
    • Policy Exception process
    • Risk acceptance and Authorization
  • Participate in the implementation of the Governance, Risk and Control tool
    • Strengthen Policy and Procedure Controls
    • Create and maintain Control Library
    • Assist with the creation and maintenance of the Risk Register
  • Participate in the Security Awareness program
  • Utilize existing workflow tools to ensure accuracy and efficiency.
    • SharePoint
    • ServiceNow
    • OneTrust
    • JIRA
  • Coordinate the gathering of metrics to ensure accurate reporting of key Information Security Governance metrics to Grainger leadership and stakeholders 

Preferred Education & Experience

  • Bachelor’s degree in Information Systems or related degree, or equivalent job experience
  • 3 - 5 years of experience with a Governance, Risk and Compliance program
  • 3 - 5 years of experience with SDLC policies, standards and procedures
  • 3 - 5 years of experience with Information Security control and risk assessments
  • 3 - 5 years of combined Information Technology and Information Security work experience with a broad exposure to the following Regulations and Frameworks: PCI, HIPAA, SOX, NIST, CMMS
  • Demonstrates an understanding of information security concepts
  • Ability to quickly learn, become competent in, and effectively apply new skills
  • Ability to prioritize and execute tasks in a complex




Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.