Sr. Information Security GRC Analyst

Location: South Bend, Indiana (On-Site)

Salary Range: $115,000-$125,000 annually

About the Role

Tire Rack is seeking a Senior Information Security GRC Analyst to support and advance our Information Security Governance, Risk, and Compliance (GRC) program.

In this role, you will assess and strengthen IT and security controls across the organization while ensuring alignment with regulatory, statutory, and industry security standards including ISO/IEC 27001:2022, PCI DSS, and internal security policies.

This position works closely with IT teams, business leaders, and audit stakeholders to identify risk exposures, strengthen control frameworks, support audit readiness, and drive continuous improvement in Tire Rack’s overall security posture.

This role requires a strong mix of technical understanding, risk assessment expertise, and the ability to translate compliance requirements into practical, business-aligned security controls.

At Tire Rack, we operate with the values of IOOGA — Integrity, Our People, Our Customers, Growth, and Attitude.

Description

What You'll Do

Governance, Risk & Compliance Leadership

• Advise IT and business stakeholders on governance, risk, and compliance requirements by interpreting regulatory, statutory, and security standards and translating them into actionable control recommendations.
• Lead and support the organization's information security risk management program, including risk identification, assessment, documentation, and monitoring mitigation strategies.
• Evaluate technology risks and recommend practical mitigation strategies aligned with business objectives.

Controls & Compliance

• Develop and maintain GRC program documentation including: Security policies, standards and procedures, risk registers, control inventories and evidence repositories.
• Strengthen internal security controls by identifying opportunities to improve standardization, documentation, and compliance alignment.
• Define and communicate control expectations, testing procedures, and audit evidence requirements across teams.

Audit & Testing

• Coordinate internal and external audits, including planning, evidence collection, stakeholder coordination, and remediation tracking.
• Execute security control testing by: Defining scope, reviewing and validating evidence, documenting results, identifying deficiencies and tracking remediation through resolution.
• Manage compliance findings, corrective actions, and risk acceptance documentation.

Program Improvement

• Support security initiatives and technology projects by embedding governance, risk, and compliance practices into delivery.
• Track program metrics, audit results, and compliance trends to improve security maturity over time.
• Provide recommendations to strengthen Tire Rack's overall security and compliance framework.
• Perform other duties as assigned in support of the Information Security and Technology organization.

What We're Looking For

We are looking for a security professional who brings both technical understanding and risk management expertise while partnering effectively across teams.

Required Experience

• 5–7 years of experience in IT, cybersecurity, risk management, audit, or compliance roles.
• Strong knowledge of information security frameworks including: ISO/IEC 27001, PCI DSS and familiarity with GDPR concepts
• Understanding of IT environments, systems, and security controls across infrastructure, applications, and data environments.
• Bachelor's Degree in Information Systems, Information Technology, Cybersecurity, Risk Management, or a related field.

Skills & Competencies

• Strong analytical and problem-solving abilities with the capacity to identify trends, patterns, and control risks.
• Ability to evaluate control design and operational effectiveness.
• Excellent documentation, organization, and attention to detail.
• Strong communication skills with the ability to explain complex technical or compliance concepts to both technical and non-technical audiences.
• Ability to work independently while collaborating effectively with cross-functional stakeholders.

Required Certifications (One or more)

• Candidates must possess one or more of the following professional certifications, or be able to obtain one within a reasonable period after hire:
• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CompTIA Security+
• Equivalent or comparable information security, audit, risk, or compliance certifications may also be considered.

Hours

• Workdays: Monday through Friday
• Occasional weekends may be required.
• Work Hours: 8:00 a.m. – 5:00 p.m.
• Additional hours may be required depending on project or audit needs.

Benefits