Sr. Information Security GRC Analyst

Discount Tire Co

South Bend, IN

Apply

JOB DETAILS

SALARY

$115,000–$125,000 Per Year

SKILLS

Analysis Skills, Audit Metrics, Auditing, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Communication Skills, CompTIA Security+, Computer Security, Continuous Improvement, Corrective Action, Cross-Functional, Design Evaluation, Detail Oriented, Documentation, External Audit, ISO (International Organization for Standardization), Industry Standards, Information Technology & Information Systems, Information/Data Security (InfoSec), Internal Audit, International Electro-Technical Commission (IEC), Internet Security, Interpret Regulations, Maintain Compliance, Operational Control, Operations Processes, PCI-DSS, Problem Solving Skills, Process Improvement, Regulatory Compliance, Risk, Risk Analysis, Risk Management, Security Analysis, Security Compliance, Security Infrastructure, Statutory Laws, Team Player, Testing, Trend Analysis

LOCATION

South Bend, IN

POSTED

30+ days ago

Overview:

Sr. Information Security GRC Analyst

Location: Tire Rack - South Bend, IN (On-Site)

Department: Information Security

Employment Type: Full-Time

Salary Range: $115,000-$125,000 annually

About the Role

Tire Rack is seeking a Senior Information Security GRC Analyst to support and advance our Information Security Governance, Risk, and Compliance (GRC) program.

In this role, you will assess and strengthen IT and security controls across the organization while ensuring alignment with regulatory, statutory, and industry security standards including ISO/IEC 27001:2022, PCI DSS, and internal security policies.

This position works closely with IT teams, business leaders, and audit stakeholders to identify risk exposures, strengthen control frameworks, support audit readiness, and drive continuous improvement in Tire Rack's overall security posture.

This role requires a strong mix of technical understanding, risk assessment expertise, and the ability to translate compliance requirements into practical, business-aligned security controls.

At Tire Rack, we operate with the values of IOOGA - Integrity, Our People, Our Customers, Growth, and Attitude.

What You'll Do

Governance, Risk & Compliance Leadership

Advise IT and business stakeholders on governance, risk, and compliance requirements by interpreting regulatory, statutory, and security standards and translating them into actionable control recommendations.
Lead and support the organization's information security risk management program, including risk identification, assessment, documentation, and monitoring mitigation strategies.
Evaluate technology risks and recommend practical mitigation strategies aligned with business objectives.

Controls & Compliance

Develop and maintain GRC program documentation including:
Security policies
Standards and procedures
Risk registers
Control inventories
Evidence repositories
Strengthen internal security controls by identifying opportunities to improve standardization, documentation, and compliance alignment.
Define and communicate control expectations, testing procedures, and audit evidence requirements across teams.

Audit & Testing

Coordinate internal and external audits, including planning, evidence collection, stakeholder coordination, and remediation tracking.
Execute security control testing by:
Defining scope
Reviewing and validating evidence
Documenting results
Identifying deficiencies
Tracking remediation through resolution.
Manage compliance findings, corrective actions, and risk acceptance documentation.

Program Improvement

Support security initiatives and technology projects by embedding governance, risk, and compliance practices into delivery.
Track program metrics, audit results, and compliance trends to improve security maturity over time.
Provide recommendations to strengthen Tire Rack's overall security and compliance framework.
Perform other duties as assigned in support of the Information Security and Technology organization.

What We're Looking For

We are looking for a security professional who brings both technical understanding and risk management expertise while partnering effectively across teams.

Required Experience

5-7 years of experience in IT, cybersecurity, risk management, audit, or compliance roles.
Strong knowledge of information security frameworks including:
ISO/IEC 27001
PCI DSS
Familiarity with GDPR concepts
Understanding of IT environments, systems, and security controls across infrastructure, applications, and data environments.

Skills & Competencies

Strong analytical and problem-solving abilities with the capacity to identify trends, patterns, and control risks.
Ability to evaluate control design and operational effectiveness.
Excellent documentation, organization, and attention to detail.
Strong communication skills with the ability to explain complex technical or compliance concepts to both technical and non-technical audiences.
Ability to work independently while collaborating effectively with cross-functional stakeholders.

Required Certifications (One or more)

Candidates must possess one or more of the following professional certifications, or be able to obtain one within a reasonable period after hire:

CISA (Certified Information Systems Auditor)
CRISC (Certified in Risk and Information Systems Control)
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CompTIA Security+

Equivalent or comparable information security, audit, risk, or compliance certifications may also be considered.

Education

Bachelor's Degree in Information Systems, Information Technology, Cybersecurity, Risk Management, or a related field.

Work Schedule

Work Days:

Monday through Friday

Occasional weekends may be required.

Work Hours:

8:00 a.m. - 5:00 p.m.

Additional hours may be required depending on project or audit needs.

About the Company

Discount Tire Co

Resume Resources

Free Resume Templates Free Resume Builder