at W.W. Grainger, Inc. in Chicago, Illinois, United States
Job Description
As a leading industrial distributor with operations primarily in North America, Japan and the United Kingdom, We Keep The World Working by serving more than 4.5 million customers worldwide with products delivered through innovative technology and deep customer relationships. With 2023 sales of $16.5 billion, we're dedicated to providing value for customers, fostering an engaging culture for team members and driving strong financial results.
Our welcoming workplace enables you to learn, grow and make a difference by keeping businesses running and their people safe. As a 2024 Glassdoor Best Place to Work and a Great Place to Work-Certified company, we're looking for passionate people to join our team as we continue leading the industry over our next 100 years.
Position Details:
You will serve the essential function of bringing clarity, transparency, and relevance to the functions associated with ensuring that IT systems can be efficiently recovered and that the business is able to continue to function in the event of a disaster or cyber attack. You will be responsible for all processes, tools, people, strategy and reporting associated with this effort. You will identify improvement opportunites for continuous maturity in this space and execute projects to make those improvements.
As a collaborative partner to stakeholders and a motivating leader to the team, this role aims to drive simplicity, automation, and effectiveness to the overall Information Security program.
You will report to the Director, Information Security
You will:
Leadi the Information Security BCM and DR team in alignment with security strategy and regulatory or legal obligations.
Manage and execute the BCM/DR program in collaboration with Information Security teams and stakeholders.
Management, alignment, mapping, continuous improvement of assets, processes, and ownership in relation to BCM/DR requirements.
Integration expertise of Business Impact Analysis activities to determine asset priorities, criticality, and approach for BCM/DR.
Developing and executing the ransomware recovery strategy
Developing and executing the recovery strategy for distribution centers
Lead steering committee level meetings to promote support and drive progress
Ensure hiring, training, staff development, performance management and annual performance reviews are aligned and effectively executed to continue to grow skills and capabilities in accordance with Grainger's strategic needs.
Monitoring external developments that may impact overall risk profiles, including emerging threats, technological developments, regulatory changes, etc.
Report key operational, and program metrics designed to provide transparency of key attributes such as compliance readiness, security framework alignment, program maturity and operations.
Integration with other key Infosec organizations for optimal efficiency and strategy.
You have:
Experience in managing regulatory, legal, and/or Information Security frameworks and obligations.
Comprehensive understanding of the spirit behind controls and their respective frameworks, regulations, or laws
Experience in working with control owners to establish accountability, awareness, rationale, and relevance.
6+ years of relevant work experience in a combination of risk management, information security and technology or Bachelor's degree.
Previous Business Continuit and/or Disaster Recovery experience preferred
Strong written and verbal communication skills.
Ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework.
Skills in financial/budget management, project management, scheduling and resource management.
Preferred:
A degree in Engineering, Information Technology, Computer Science, Risk Management, or Audit Practices is preferred.
Professional management certification in a related field such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials preferred
Rewards and Benefits:
With benefits starting day one, Grainger is committed to your safety, health and wellbeing. Our programs provide choice to meet our team members' individual needs. Check out some of the rewards available to you at Grainger.
Paid time off (PTO) days and 6 company... For full info follow application link.
Grainger is an Equal Opportunity Workplace and an Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.
