Cybersecurity GRC Analyst, Training

Discover. Achieve. Succeed. #BeHere

Location: US:WI:MENOMONEE FALLS at our WOODLAND PRIME 400 facility.

This job is REMOTE.

FTE: 1.000000

Standard Hours: 40.00

Shift: 1st shift flexible 7 am to 5pm

Shift Details: Holidays: Weekends:

Job Summary:

Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs. The successful candidate will focus on cybersecurity awareness, phishing program operations, cybersecurity training, and GRC concepts while fostering cultural engagement and workforce behavioral change through creative and innovative initiatives. You will partner with cross-functional teams to address cybersecurity risks in clinical and non-clinical environments, ensure regulatory compliance, and contribute to the harmonization of cybersecurity programs across the Froedtert ThedaCare ecosystem.

Position Responsibilities:

Training and Awareness Program Management:
• Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (e.g., HIPAA, PCI DSS, and Joint Commission requirements).
• Design role-based training for diverse audiences, including clinicians, administrative staff, IT teams, and executives.
• Continuously refine training materials to incorporate emerging threats, organizational changes, and stakeholder feedback.

Phishing Program Operations:
• Build, enhance, and execute a dynamic, reality-based phishing simulation program, addressing sector-specific threats such as ransomware and patient data phishing schemes.
• Analyze simulation metrics and provide actionable insights to improve employee awareness and reduce risks.
• Develop and maintain educational material to support cybersecurity initiatives and training activities.
• Deliver targeted follow-up training for individuals or teams with repeated simulation failures.

Creative Engagement and Communications:
• Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention.
• Design and execute large-scale security awareness campaigns, ensuring alignment with cultural transformation goals.
• Partner with leadership to create impactful security messaging and content tailored to high-risk roles.

Regulatory and Compliance Integration:
• Ensure training programs align with healthcare-specific regulations and standards, including HIPAA, PCI DSS, and Joint Commission requirements.
• Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives.
• Provide support for audits and regulatory reviews by showcasing training program effectiveness.

Metrics, Reporting, and Continuous Improvement:
• Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives.
• Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement.
• Prepare reports and presentations for leadership to highlight program impact and align with organizational goals.

Collaboration and Change Management:
• Partner with IT, Risk Management, and Clinical Operations teams to ensure training initiatives integrate seamlessly across the organization.
• Lead security awareness efforts during organizational transitions, such as the Froedtert-ThedaCare merger, ensuring program consistency and harmonization.
• Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance.

Risk and Compliance Integration:
• Assist with routine GRC activities, such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests.
• Collaborate with the Risk Management team to align training efforts with identified risk scenarios, ensuring targeted mitigation strategies.

Policy and Procedure Maintenance:
• Support the documentation and dissemination of cybersecurity policies, standards, and procedures.
• Assist in the lifecycle management of GRC documentation, ensuring alignment with training content and awareness initiatives.

EXPERIENCE DESCRIPTION:

1 - 3 years of experience in a related field.

3 or more years of experience in a related field is preferred.

At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare or similarly regulated industries preferred

Proven track record managing phishing simulation programs and security training platforms (e.g., KnowBe4, LMS).

Experience creating and executing large-scale awareness campaigns using multimedia tools

EDUCATION DESCRIPTION:

BA in Computer Science or related field is required or equivalent acquired through combination of education and experience.

Bachelor's degree in Information Security, Computer Science, Communications, or a related field is preferred.

Relevant certifications (e.g., CISSP, CISM, CISA, or GIAC) are a plus.

SPECIAL SKILLS DESCRIPTION:

Technical Expertise:
• In-depth knowledge of healthcare regulations and cybersecurity frameworks, including HIPAA, HITECH, NIST CSF, and HITRUST.
• Proficiency with phishing simulation platforms (e.g., KnowBe4) and LMS tools.
• Familiarity with behavioral analytics and metrics for tracking training effectiveness.

Creative and Communication Skills
• Exceptional written and verbal communication skills, with the ability to craft messaging for technical and non-technical audiences.
• Experience creating multimedia content (e.g., video editing, graphic design) for awareness campaigns.
• Public speaking skills and confidence in presenting to diverse audiences.

Analytical and Strategic Thinking
• Strong problem-solving and critical-thinking skills for addressing complex training needs.
• Experience developing data-driven strategies to improve training program impact and employee behavior.

Collaboration and Leadership:
• Demonstrated ability to collaborate across diverse teams and levels of leadership.
• Self-starter with the ability to work independently and drive initiatives in a matrixed organization.
• Proven ability to manage multiple projects with competing priorities.

Preferred Qualifications
• Experience in large healthcare systems or regulated industries.
• Familiarity with change management and integration strategies during mergers or acquisitions.
• Experience with gamified training methods or VR/AR-based security awareness tools

Compensation, Benefits & Perks at Froedtert Health

Pay is expected to be between: (expressed as hourly) $37.95 - $64.92. Final compensation is based on experience and will be discussed with you by the recruiter during the interview process.

Froedtert Health Offers a variety of perks & benefits to staff, depending on your role you may be eligible for the following:

• Paid time off
• Growth opportunity- Career Pathways & Career Tuition Assistance, CEU opportunities
• Academic Partnership with the Medical College of Wisconsin
• Referral bonuses
• Retirement plan - 403b
• Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics
• Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available

The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics draw patients from throughout the Midwest and the nation.

We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at 262-439-1961. We maintain a drug-free workplace and perform pre-employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262-439-1961. We will attempt to fulfill all reasonable accommodation requests.

---