Job Description
Senior GRC Analyst
Job Posting Location:  Remote, USA
Posting Start Date:  7/13/26
Req Id:  9097
Required Travel:  0 - 20%
Remote, Onsite or Hybrid?:  Remote

For more than 100 years, Modine has solved the toughest thermal management challenges for mission-critical applications. Our purpose of Engineering a Cleaner, Healthier World™ means we are always evolving our portfolio of technologies to provide the latest heating, cooling, and ventilation solutions. Through the hard work of more than 11,000 employees worldwide, our Climate Solutions and Performance Technologies segments advance our purpose with systems that improve air quality, reduce energy and water consumption, lower harmful emissions, enable cleaner running vehicles, and use environmentally friendly refrigerants. Modine is a global company headquartered in Racine, Wisconsin (U.S.), with operations in North America, South America, Europe, and Asia. For more information about Modine, visit modine.com

Position Description

We are seeking a highly structured, process-oriented, and proactive Senior GRC (Governance, Risk, and Compliance) Analyst to join our Information Security GRC team. 

In this critical role, you will be the driving force behind the execution and continuous improvement of our IT General Controls (ITGC) framework, SOX compliance program, and overall risk management practices. You will serve as a key bridge between control owners, IT operational teams, internal/external audit, and corporate risk management. As a self-starter with deep compliance expertise, you will lead efforts to review, analyze, and update cybersecurity policies, manage GRC platform automation, and ensure that security risks are systematically identified, documented, and remediated. 

Key Responsibilities

1. ITGC & SOX Compliance Management 

  • Control Lifecycle Ownership: Track, monitor, and follow up with IT control owners to ensure all ITGC and SOX-related control tests and evidence collections are executed accurately, thoroughly, and on schedule. 
  • Audit Readiness: Act as the primary coordinator for internal and external auditors during security and compliance reviews, ensuring timely delivery of documentation and evidence. 
  • Remediation & Correction: Partner with IT and Security teams to design, document, and track effective remediation plans for any identified control gaps or deficiencies. 

2. Policy, Standards & Procedures Governance 

  • Policy Lifecycle: Lead the periodic review, analysis, and modernization of information security policies, standards, guidelines, and operating procedures to ensure alignment with evolving industry regulations and corporate risk tolerance. 
  • Process Standardization: Support the development of clear, actionable technical standards and procedural documentation that simplify compliance for system administrators and business process owners. 
  • Alignment: Ensure corporate security documentation matches standard industry frameworks (e.g., NIST CSF, ISO 27001, COBIT, COSO). 

3. Risk Assessment & GRC Tool Management 

  • GRC Tool Administration: Manage and optimize our GRC platform (such as SimpleRisk or similar tools) to automate risk registers, compliance mappings, and control tracking. 
  • Risk Assessments: Conduct comprehensive IT and security risk assessments across applications, infrastructure, and third-party vendors. 
  • Risk Register Maintenance: Document risks, vulnerabilities, and policy exceptions systematically, tracking them from identification through to mitigation or formal acceptance. 

4. Business Partnering & Stakeholder Collaboration 

  • Cross-Functional Liaison: Build strong, collaborative relationships with stakeholders across IT, Information Security, Internal Audit, Corporate Risk Management, and External Auditors. 
  • Control Owner Support: Act as a subject matter expert and trusted advisor to control owners, offering ongoing guidance on compliance expectations, control design, and testing methodology. 
  • Executive Reporting: Prepare clear, metrics-driven status updates, compliance dashboards, and risk posture reports for leadership. 

5. Awareness & Continuous Improvement 

  • Process Orientation: Constantly evaluate current GRC workflows to eliminate friction, automate manual checks, and introduce best practices. 
  • Training & Enablement: Facilitate training sessions and develop educational resources for control owners to enhance organizational compliance awareness and accountability. 

Required Education & Qualifications

Required Qualifications 

  • Experience: 5+ years of dedicated experience in Information Security GRC, IT Audit, or IT Compliance, with a proven track record of managing and auditing IT General Controls (ITGCs) and SOX compliance. 
  • Process Mindset: Extremely process-oriented with exceptional organizational and project management skills; ability to track dozens of moving compliance targets simultaneously without losing details. 
  • Work Style: Proven self-starter who can take initiative, work independently, meet strict regulatory deadlines, and proactively drive results. 
  • Tooling: Practical experience configuring and utilizing modern GRC tools (e.g., SimpleRisk, AuditBoard, LogicGate, or similar). 
  • Framework Knowledge: Deep familiarity with leading risk and control frameworks (e.g., NIST CSF, COBIT, COSO, ISO 27001/27002). 
  • Communications: Outstanding written and verbal communication skills, with the ability to translate complex technical control concepts into plain language for diverse audit, security, and business stakeholders. 
  • Company Alignment: Ability to apply core corporate values and support operational efficiency initiatives (including 80/20 principles) to optimize GRC workflows. 

Education & Certifications 

  • Education: Bachelor’s degree in Information Technology, Management Information Systems (MIS), Cybersecurity, Accounting, Finance, Business Administration, or equivalent professional experience. 
  • Preferred Certifications: Highly desirable professional credentials such as: 
  • Certified Information Systems Auditor (CISA) 
  • Certified in Risk and Information Systems Control (CRISC) 
  • Certified Information Security Manager (CISM) 
  • Certified Information Systems Security Professional (CISSP) 

Travel Requirements 

  • This position may require up to 15% travel depending on project needs and compliance audits. 

Why Choose Modine? 

Health & Well-being:

  • Day One
    • Competitive health, dental & vision insurance coverage
    • Employee Assistance Program
  • After 90 days of continuous employment
    • Maternity Leave (12 weeks at 100% pay)
      • 8 weeks of short term disability leave paid at 100%
      • 4 weeks of paid parental leave paid at 100%
    • Paternity Leave (4 weeks at 100% pay)

 

Financial Benefits:

  • 401k Retirement plan and company paid match 
  • Life Insurance
  • Health Savings Account (HSA) with employer contribution
  • Flexible Spending Accounts (FSA)
  • Short Term Disability (company paid)
  • Long Term Disability

 

Work-Life Balance:

  • Competitive time-off policies
  • Tuition Reimbursement 

 

To view full benefits information: MyModine Benefits

 

Modine is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other characteristic protected by law.  Modine provides a competitive benefit package, which could include paid vacation, short term disability, 401(k), health, dental, vision, life insurance, flex spending benefits, tuition reimbursement, Health Savings Account and much more. Human Resources will provide more detail upon your hiring.

#LI-RR1

#LI-Remote

The salary range for this position is estimated in good faith to be $120,000-$190,000. The specific offer will depend on the candidate’s qualifications, experience, and other job-related considerations but will be within the stated range. Where required by applicable law, a general description of benefits and other compensation offered for this role is also provided or made available.   

This position is not eligible for any form of sponsorship (e.g. OPT or H1B visa status) now or in the future. Only individuals authorized to work in the United States now and for the foreseeable future will be considered for this position.