Director, Information Security

Work Location Type: Hybrid
As a leading industrial distributor with operations primarily in North America, Japan and the United Kingdom, We Keep The World Working® by serving more than 4.5 million customers worldwide with products delivered through innovative technology and deep customer relationships. With 2023 sales of $16.5 billion, we're dedicated to providing value for customers, fostering an engaging culture for team members and driving strong financial results.
Our welcoming workplace enables you to learn, grow and make a difference by keeping businesses running and their people safe. As a 2024 Glassdoor Best Place to Work and a Great Place to Work-Certified™ company, we're looking for passionate people to join our team as we continue leading the industry over our next 100 years.
Position Details:
The Director, Cybersecurity Operations is responsible for leading and overseeing the Cybersecurity Operations team to ensure the effective identification, mitigation, and response to cyber threats. This role plays a critical part in protecting Grainger's digital assets, ensuring compliance with regulatory requirements, and maintaining a robust cybersecurity posture.
The Director will work closely with other IT, compliance, legal, and risk management teams to ensure alignment with the organization's strategic goals while driving continuous improvement in security operations. This position will report to the Chief Information Security Officer and will be based at our offices in the Chicago area.
You Will:

• Evaluate risk, business threats, and security program capabilities to implement a security operations strategy that achieves defined security outcomes and reduces risk.

• Lead the Cyber Security Operations Center (CSOC) and ensure 24x7 monitoring of events, threat intelligence, and vulnerability management.

• Develop and continually update the Cyber Incident Response Program, ensuring continuous improvement and maturity.

• Define and maintain dashboards and metrics to support the Cyber Incident Response Program and CSOC maturity efforts.

• Perform periodic table-top simulations and educational sessions to improve CSOC response capabilities.

• Lead incident response investigations, coordinate response activities, and update leaders while maintaining confidentiality.

• Identify existing and emerging threats and communicate them to the Information Security leadership team.

• Foster a culture of collaboration, innovation, and excellence within the cybersecurity team.

• Develop and manage the cybersecurity operations budget, ensuring cost-effective resource allocation.

• Collaborate with internal and external stakeholders, including Governance, Risk and Compliance, legal, IT architecture, security engineering, product security, and the fraud team, to support the security program.

• Oversee vulnerability management programs, ensuring timely identification and remediation of security weaknesses.

• Lead the development and maintenance of threat intelligence capabilities to proactively identify potential risks.

• Ensure compliance with relevant security frameworks, standards, and regulatory requirements (e.g., NIST, HIPAA, GDPR).

• Stay current on emerging security technologies and trends, integrating relevant tools and practices into operations.

• Maintain up-to-date knowledge of the cybersecurity landscape, including emerging threats and best practices.

• Develop and deliver regular reports on the status of cybersecurity operations to senior management.

• Manage relationships with external security vendors and service providers.

You Have:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent experience.

• 10+ years of experience in information security, with at least 5 years in a leadership role.

• Proven experience managing a CSOC or security operations team in a complex, enterprise environment.

• Hands-on experience with incident response, threat intelligence, vulnerability management, and security technologies (SIEM, IDS/IPS, firewalls, etc.).

• Relevant certifications such as CISSP, CISM, CISA, CEH, or GIAC are highly preferred.

• Strong leadership and people management skills.

• Excellent communication and presentation skills, with the ability to engage effectively with both technical and non-technical stakeholders.

• Strong understanding of security frameworks, regulatory requirements, and emerging cybersecurity threats.

• Ability to think strategically and implement solutions that align with business objectives.

• Crisis management skills and the ability to manage relationships and communication channels.

• Understanding of current and emerging threats and associated countermeasures by establishing solid relationships with cyber threat teams and vendors.

• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Rewards and Benefits:
With benefits starting day one, Grainger is committed to your safety, health, and wellbeing. Our programs provide choice and flexibility to meet our team members' individual needs. Check out some of the rewards available to you at Grainger.

• Medical, dental, vision, and life insurance plans
• Generous paid time off (PTO) and 6 company holidays per year
• Automatic 6% 401(k) company contribution each pay period.
• Employee discounts, parental leave, 3:1 match on donations, and tuition reimbursement.
• A comprehensive set of emotional, financial, physical, and social well-being programs

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
We are committed to fostering an inclusive, accessible environment that includes both providing reasonable accommodations to individuals with disabilities during the application and hiring process as well as throughout the course of one's employment. With this in mind, should you need a reasonable accommodation during the application and selection process, please advise us so that we can provide appropriate assistance.
#LI SM1
#LI Hybrid