Manager, Information Security - Risk Management jobs in United States

Grainger · 10 hours ago

Manager, Information Security - Risk Management

Grainger is a leading broad line distributor serving over 4.5 million customers worldwide. The Manager of Security Risk will lead the Information Security Risk team, manage the security risk program, and ensure alignment with regulatory obligations while driving simplicity and effectiveness in the overall Information Security program.

Industries: Hospitality, Industrial, Manufacturing, Office Supplies, Supply Chain Management

Comp. & Benefits: listed
H1B sponsorship: No

Responsibilities

Lead the Information Security Risk team in alignment with security strategy and regulatory or legal obligations
Manage and execute the security risk program in collaboration with Information Security teams and stakeholders
Manage, align, map and continuously improve the internal security controls framework and control-owner relationships, in conjunction with the compliance team
Provide expertise in integrating vendor risk reviews, control exceptions, risk assessments and security control requirement services
Subject Matter Expert to stakeholders and team in relation to the spirit of controls, associated security framework or regulation, and alignment to information security
Ensuring hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Grainger’s strategic needs
Monitor external developments that may impact overall risk profiles, including emerging threats, technological developments and regulatory changes
Manage the intake of third parties through the risk evaluation process to determine vendor risk levels and priorities, and mitigate any residual risks or document risk acceptances
Report key operational and program metrics that provide transparency into compliance readiness, security framework alignment, program maturity and operations

Qualification

Skills: Information Security Management, Risk Management, Regulatory Compliance, Information Security Frameworks, People Management, Cybersecurity Knowledge, ISO/IEC 27001, CISSP Certification, CRISC Certification, CISM Certification, CISA Certification, Financial Management, Team Development, Legal Knowledge, Communication Skills

Required

Experience in managing regulatory, legal, and/or Information Security frameworks and obligations
Comprehensive understanding of the spirit behind controls and their respective frameworks, regulations, or laws
Experience in working with control owners to establish accountability, awareness, rationale, and relevance
One or more years of IT people management experience, preferably in Information Security
Written and verbal communication skills
Ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including SP 800-53 and the Cybersecurity Framework
Skills in financial/budget management, scheduling and resource management

Preferred

A degree in Engineering, Information Technology, Computer Science, Risk Management, or Audit Practices
Professional management certification in a related field, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or similar credentials
Experience in building, training, and developing a high-performing team
Knowledge of information risk management, cybersecurity and IT compliance technologies
Knowledge of relevant legal and regulatory requirements
Six or more years of relevant work experience in a combination of risk management, information security and technology

Benefits

Medical, dental, vision, and life insurance plans with coverage starting on day one of employment and 6 free sessions each year with a licensed therapist to support your emotional wellbeing.
18 paid time off (PTO) days annually for full-time employees (accrual prorated based on employment start date) and 6 company holidays per year.
6% company contribution to a 401(k) Retirement Savings Plan each pay period, no employee contribution required.
Employee discounts, tuition reimbursement, student loan refinancing and free access to financial counseling, education, and tools.
Maternity support programs, nursing benefits, and up to 14 weeks paid leave for birth parents and up to 4 weeks paid leave for non-birth parents.

Company

Grainger

As a leading business-to-business organization, more than 4.5 million customers worldwide rely on Grainger for products in categories such as safety, material handling and metalworking, along with services like inventory management and technical support.

Funding

Current Stage
Public Company
Total Funding
unknown
IPO: 1978-01-13

Leadership Team

D. G. Macpherson, Chief Executive Officer
Nancy Berardinelli-Krantz, Senior Vice President and Chief Legal Officer
Company data provided by crunchbase