Cybersecurity GRC Analyst, Training & Awareness, FCH - IT - SECURITY

About The Position

Requirements

• 1 - 3 years of experience in a related field.
• BA in Computer Science or related field is required or equivalent acquired through combination of education and experience.
• In-depth knowledge of healthcare regulations and cybersecurity frameworks, including HIPAA, HITECH, NIST CSF, and HITRUST.
• Proficiency with phishing simulation platforms (e.g., KnowBe4) and LMS tools.
• Familiarity with behavioral analytics and metrics for tracking training effectiveness.
• Exceptional written and verbal communication skills, with the ability to craft messaging for technical and non-technical audiences.
• Experience creating multimedia content (e.g., video editing, graphic design) for awareness campaigns.
• Public speaking skills and confidence in presenting to diverse audiences.
• Strong problem-solving and critical-thinking skills for addressing complex training needs.
• Experience developing data-driven strategies to improve training program impact and employee behavior.
• Demonstrated ability to collaborate across diverse teams and levels of leadership.
• Self-starter with the ability to work independently and drive initiatives in a matrixed organization.
• Proven ability to manage multiple projects with competing priorities.

Nice To Haves

• 3 or more years of experience in a related field is preferred.
• At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare or similarly regulated industries preferred
• Proven track record managing phishing simulation programs and security training platforms (e.g., KnowBe4, LMS).
• Experience creating and executing large-scale awareness campaigns using multimedia tools
• Bachelor’s degree in Information Security, Computer Science, Communications, or a related field is preferred.
• Relevant certifications (e.g., CISSP, CISM, CISA, or GIAC) are a plus.
• Experience in large healthcare systems or regulated industries.
• Familiarity with change management and integration strategies during mergers or acquisitions.
• Experience with gamified training methods or VR/AR-based security awareness tools

Responsibilities

• Training and Awareness Program Management:
• Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (e.g., HIPAA, PCI DSS, and Joint Commission requirements).
• Design role-based training for diverse audiences, including clinicians, administrative staff, IT teams, and executives.
• Continuously refine training materials to incorporate emerging threats, organizational changes, and stakeholder feedback.
• Phishing Program Operations:
• Build, enhance, and execute a dynamic, reality-based phishing simulation program, addressing sector-specific threats such as ransomware and patient data phishing schemes.
• Analyze simulation metrics and provide actionable insights to improve employee awareness and reduce risks.
• Develop and maintain educational material to support cybersecurity initiatives and training activities.
• Deliver targeted follow-up training for individuals or teams with repeated simulation failures.
• Creative Engagement and Communications:
• Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention.
• Design and execute large-scale security awareness campaigns, ensuring alignment with cultural transformation goals.
• Partner with leadership to create impactful security messaging and content tailored to high-risk roles.
• Regulatory and Compliance Integration:
• Ensure training programs align with healthcare-specific regulations and standards, including HIPAA, PCI DSS, and Joint Commission requirements.
• Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives.
• Provide support for audits and regulatory reviews by showcasing training program effectiveness.
• Metrics, Reporting, and Continuous Improvement:
• Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives.
• Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement.
• Prepare reports and presentations for leadership to highlight program impact and align with organizational goals.
• Collaboration and Change Management:
• Partner with IT, Risk Management, and Clinical Operations teams to ensure training initiatives integrate seamlessly across the organization.
• Lead security awareness efforts during organizational transitions, such as the Froedtert-ThedaCare merger, ensuring program consistency and harmonization.
• Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance.
• Risk and Compliance Integration:
• Assist with routine GRC activities, such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests.
• Collaborate with the Risk Management team to align training efforts with identified risk scenarios, ensuring targeted mitigation strategies.
• Policy and Procedure Maintenance:
• Support the documentation and dissemination of cybersecurity policies, standards, and procedures.
• Assist in the lifecycle management of GRC documentation, ensuring alignment with training content and awareness initiatives.

Benefits

• Paid time off
• Growth opportunity- Career Pathways & Career Tuition Assistance, CEU opportunities
• Academic Partnership with the Medical College of Wisconsin
• Referral bonuses
• Retirement plan - 403b
• Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics
• Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available