Sr. Information Security GRC Analyst

Overview: Sr. Information Security GRC AnalystLocation: Tire Rack – South Bend, IN (On-Site)Department: Information SecurityEmployment Type: Full-TimeSalary Range: $115,000-$125,000 annually About the RoleTire Rack is seeking a Senior Information Security GRC Analyst to support and advance our Information Security Governance, Risk, and Compliance (GRC) program.In this role, you will assess and strengthen IT and security controls across the organization while ensuring alignment with regulatory, statutory, and industry security standards including ISO/IEC 27001:2022, PCI DSS, and internal security policies. This position works closely with IT teams, business leaders, and audit stakeholders to identify risk exposures, strengthen control frameworks, support audit readiness, and drive continuous improvement in Tire Rack’s overall security posture. This role requires a strong mix of technical understanding, risk assessment expertise, and the ability to translate compliance requirements into practical, business-aligned security controls. At Tire Rack, we operate with the values of IOOGA — Integrity, Our People, Our Customers, Growth, and Attitude. What You'll Do Governance, Risk & Compliance LeadershipAdvise IT and business stakeholders on governance, risk, and compliance requirements by interpreting regulatory, statutory, and security standards and translating them into actionable control recommendations.Lead and support the organization’s information security risk management program, including risk identification, assessment, documentation, and monitoring mitigation strategies.Evaluate technology risks and recommend practical mitigation strategies aligned with business objectives.Controls & ComplianceDevelop and maintain GRC program documentation including:Security policiesStandards and proceduresRisk registersControl inventoriesEvidence repositoriesStrengthen internal security controls by identifying opportunities to improve standardization, documentation, and compliance alignment.Define and communicate control expectations, testing procedures, and audit evidence requirements across teams.Audit & TestingCoordinate internal and external audits, including planning, evidence collection, stakeholder coordination, and remediation tracking.Execute security control testing by:Defining scopeReviewing and validating evidenceDocumenting resultsIdentifying deficienciesTracking remediation through resolution.Manage compliance findings, corrective actions, and risk acceptance documentation. Program ImprovementSupport security initiatives and technology projects by embedding governance, risk, and compliance practices into delivery.Track program metrics, audit results, and compliance trends to improve security maturity over time.Provide recommendations to strengthen Tire Rack’s overall security and compliance framework.Perform other duties as assigned in support of the Information Security and Technology organization.What We're Looking ForWe are looking for a security professional who brings both technical understanding and risk management expertise while partnering effectively across teams. Required Experience5–7 years of experience in IT, cybersecurity, risk management, audit, or compliance roles.Strong knowledge of information security frameworks including:ISO/IEC 27001PCI DSSFamiliarity with GDPR conceptsUnderstanding of IT environments, systems, and security controls across infrastructure, applications, and data environments.Skills & CompetenciesStrong analytical and problem-solving abilities with the capacity to identify trends, patterns, and control risks.Ability to evaluate control design and operational effectiveness.Excellent documentation, organization, and attention to detail.Strong communication skills with the ability to explain complex technical or compliance concepts to both technical and non-technical audiences.Ability to work independently while collaborating effectively with cross-functional stakeholders.Required Certifications (One or more)Candidates must possess one or more of the following professional certifications, or be able to obtain one within a reasonable period after hire:CISA (Certified Information Systems Auditor)CRISC (Certified in Risk and Information Systems Control)CISSP (Certified Information Systems Security Professional)CISM (Certified Information Security Manager)CompTIA Security+Equivalent or comparable information security, audit, risk, or compliance certifications may also be considered. EducationBachelor’s Degree in Information Systems, Information Technology, Cybersecurity, Risk Management, or a related field.Work ScheduleWork Days:Monday through FridayOccasional weekends may be required.Work Hours:8:00 a.m. – 5:00 p.m.Additional hours may be required depending on project or audit needs.  #tireracklv