Sr. Information Security GRC Analyst

Sr. Information Security GRC Analyst

Location: Tire Rack – South Bend, IN (On-Site)
Department: Information Security

Employment Type: Full-Time
Salary Range: $115,000-$125,000 annually

About the Role

Tire Rack is seeking a Senior Information Security GRC Analyst to support and advance our Information Security Governance, Risk, and Compliance (GRC) program

In this role, you will assess and strengthen IT and security controls across the organization while ensuring alignment with regulatory, statutory, and industry security standards including ISO/IEC 27001:2022, PCI DSS, and internal security policies.

This position works closely with IT teams, business leaders, and audit stakeholders to identify risk exposures, strengthen control frameworks, support audit readiness, and drive continuous improvement in Tire Rack’s overall security posture.

This role requires a strong mix of technical understanding, risk assessment expertise, and the ability to translate compliance requirements into practical, business-aligned security controls.

At Tire Rack, we operate with the values of IOOGA — Integrity, Our People, Our Customers, Growth, and Attitude.

What You'll Do

Governance, Risk & Compliance Leadership

Advise IT and business stakeholders on governance, risk, and compliance requirements by interpreting regulatory, statutory, and security standards and translating them into actionable control recommendations.
Lead and support the organization’s information security risk management program, including risk identification, assessment, documentation, and monitoring mitigation strategies.
Evaluate technology risks and recommend practical mitigation strategies aligned with business objectives.

Controls & Compliance

Develop and maintain GRC program documentation including:
- Security policies
- Standards and procedures
- Risk registers
- Control inventories
- Evidence repositories
Strengthen internal security controls by identifying opportunities to improve standardization, documentation, and compliance alignment.
Define and communicate control expectations, testing procedures, and audit evidence requirements across teams.

Audit & Testing

Coordinate internal and external audits, including planning, evidence collection, stakeholder coordination, and remediation tracking.
Execute security control testing by:
- Defining scope
- Reviewing and validating evidence
- Documenting results
- Identifying deficiencies
- Tracking remediation through resolution.
Manage compliance findings, corrective actions, and risk acceptance documentation.

Program Improvement

Support security initiatives and technology projects by embedding governance, risk, and compliance practices into delivery.
Track program metrics, audit results, and compliance trends to improve security maturity over time.
Provide recommendations to strengthen Tire Rack’s overall security and compliance framework.
Perform other duties as assigned in support of the Information Security and Technology organization.

What We're Looking For

We are looking for a security professional who brings both technical understanding and risk management expertise while partnering effectively across teams.

Required Experience

5–7 years of experience in IT, cybersecurity, risk management, audit, or compliance roles.
Strong knowledge of information security frameworks including:
- ISO/IEC 27001
- PCI DSS
- Familiarity with GDPR concepts
Understanding of IT environments, systems, and security controls across infrastructure, applications, and data environments.

Skills & Competencies

Strong analytical and problem-solving abilities with the capacity to identify trends, patterns, and control risks.
Ability to evaluate control design and operational effectiveness.
Excellent documentation, organization, and attention to detail.
Strong communication skills with the ability to explain complex technical or compliance concepts to both technical and non-technical audiences.
Ability to work independently while collaborating effectively with cross-functional stakeholders.

Required Certifications (One or more)

Candidates must possess one or more of the following professional certifications, or be able to obtain one within a reasonable period after hire: