Sr. Information Security GRC Analyst
About the role
Tire Rack is seeking a Senior Information Security GRC Analyst to support and advance our Information Security Governance, Risk, and Compliance (GRC) program. This role involves assessing and strengthening IT and security controls, aligning with regulatory standards, and working closely with IT teams, business leaders, and audit stakeholders.
Responsibilities
Advise IT and business stakeholders on governance, risk, and compliance requirements by interpreting regulatory, statutory, and security standards and translating them into actionable control recommendations.
Lead and support the organization’s information security risk management program, including risk identification, assessment, documentation, and monitoring mitigation strategies.
Evaluate technology risks and recommend practical mitigation strategies aligned with business objectives.
Develop and maintain GRC program documentation including Security policies, Standards and procedures, Risk registers, Control inventories, Evidence repositories, Strengthen internal security controls by identifying opportunities to improve standardization, documentation, and compliance alignment.
Define and communicate control expectations, testing procedures, and audit evidence requirements across teams.
Coordinate internal and external audits, including planning, evidence collection, stakeholder coordination, and remediation tracking.
Execute security control testing by defining scope, reviewing and validating evidence, documenting results, identifying deficiencies, and tracking remediation through resolution.
Manage compliance findings, corrective actions, and risk acceptance documentation.
Support security initiatives and technology projects by embedding governance, risk, and compliance practices into delivery.
Track program metrics, audit results, and compliance trends to improve security maturity over time.
Provide recommendations to strengthen Tire Rack’s overall security and compliance framework.
Requirements
5-7 years of experience in IT, cybersecurity, risk management, audit, or compliance roles.
Strong knowledge of information security frameworks including ISO/IEC 27001, PCI DSS, and familiarity with GDPR concepts.
Understanding of IT environments, systems, and security controls across infrastructure, applications, and data environments.
Skills & Competencies
Strong analytical and problem-solving abilities with the capacity to identify trends, patterns, and control risks.
Excellent documentation, organization, and attention to detail.
Strong communication skills with the ability to explain complex technical or compliance concepts to both technical and non-technical audiences.
Ability to work independently while collaborating effectively with cross-functional stakeholders.
Preferred Certifications
- CISA (Certified Information Systems Auditor)
- CRISC (Certified in Risk and Information Systems Control)
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CompTIA Security+
Education
Bachelor’s Degree in Information Systems, Information Technology, Cybersecurity, Risk Management, or a related field.
Work Schedule
Work Days Monday through Friday. Occasional weekends may be required. Work Hours 8:00 a.m. - 5:00 p.m. Additional hours may be required depending on project or audit needs.