W.W. Grainger Risk & Compliance Analyst I - 435550600 in LAKE FOREST, Illinois
This job was posted by https://illinoisjoblink.illinois.gov : For more information, please see: https://illinoisjoblink.illinois.gov/ada/r/jobs/5286713
Position Description
The individual is responsible for participating in the development and execution of operational IT risk and compliance management strategies, and for monitoring compliance with policies, procedures and standards that aid the organization in protecting the Grainger brand.
• Assist in the development and execution of the Grainger Global Enterprise Information Security Risk and Compliance strategy and best practices. In particular, active participation in the development and implementation of risk assessment and compliance strategies for international business units.
• Actively engage with a diverse group of stakeholders that include EPS, TIS and application teams, contract, records management, legal, human resources and business functions of US and international business units to:
o Increase awareness of information security risk and compliance obligations. Communicate and clarify the intent behind the existing security policies and procedures. Provide consultation on information security risks and best practices.
o Assist in analyzing new and existing projects and initiatives to assess impact on existing security posture and compliance obligations while suggesting appropriate mitigation strategies to stakeholders for key compliance and security risks.
• Review contracts with new and existing vendors and service providers to ensure that adequate contractual protections from information security risks are included.
• Actively participate in projects to identify, prioritize, track and report the information security risks and related metrics for Grainger US and international business units.
• Follow up on and monitor the status of technology risk and compliance obligations based on assessment results and information from various monitoring and control systems.
• Review existing policies and procedures and work with management to keep them updated.
• Track compliance with policy, standards, processes and procedures to assess, monitor, report, escalate and remediate IT risk and compliance related obligations.
• Communicate unresolved or suspected security exposures, misuse, or noncompliance situations to management.
• Coordinate and monitor regulatory and risk management activities across IT functional areas, such as the development and maintenance of regulatory documentation (e.g., Sarbanes-Oxley Act compliance and PCI).
• Coordinate with the Internal Audit department on execution and follow-up of audits that relate to the Enterprise Security function.
• Maintain reliable, up-to-date information from the government and across the industry regarding identification of new threats and vulnerabilities.
• Participate in due diligence and special review(s) work as required by management.
Position Requirements
Experience in design and development of policies, procedures and best practices for information security and privacy.
Ability to address and/or escalate suspected security exposures, misuse, or noncompliance with Grainger Security policies and compliance requirements including Sarbanes-Oxley (SOX) and PCI-DSS.
Ability to communicate issues of non-compliance to management and recommend modifications as necessary.
Bachelor's degree in Information Systems or related degree, or equivalent job experience.
2+ years of experience or training in systems security fundamentals
Audit experience helpful but not required
Ability to cooperatively and effectively prioritize and execute tasks in a complex environment
Ability to quickly learn, become competent in, and effectively apply new skills
Understand dependencies between business processes, technical systems and compliance regimes.
Knowledge and ability to teach/mentor an intern.
Able to communicate cross functionally between technical and business partners
Strong attention to detail
Good written and verbal communication skills.
Good presentation skills.
Grainger is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, gender identity, sexual orientation, disability, or protected veteran status.