Cybersecurity GRC Analyst, Training & Awareness, FCH - IT - SECURITY

About the position Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs. The successful candidate will focus on cybersecurity awareness, phishing program operations, cybersecurity training, and GRC concepts while fostering cultural engagement and workforce behavioral change through creative and innovative initiatives. You will partner with cross-functional teams to address cybersecurity risks in clinical and non-clinical environments, ensure regulatory compliance, and contribute to the harmonization of cybersecurity programs across the Froedtert ThedaCare ecosystem.

Responsibilities

• Training and Awareness Program Management
• Phishing Program Operations
• Creative Engagement and Communications
• Regulatory and Compliance Integration
• Metrics, Reporting, and Continuous Improvement
• Collaboration and Change Management
• Risk and Compliance Integration
• Policy and Procedure Maintenance

Requirements

• 1 - 3 years of experience in a related field.
• BA in Computer Science or related field is required or equivalent acquired through combination of education and experience.
• Technical Expertise: In-depth knowledge of healthcare regulations and cybersecurity frameworks, including HIPAA, HITECH, NIST CSF, and HITRUST.
• Proficiency with phishing simulation platforms (e.g., KnowBe4) and LMS tools.
• Familiarity with behavioral analytics and metrics for tracking training effectiveness.
• Exceptional written and verbal communication skills, with the ability to craft messaging for technical and non-technical audiences.
• Experience creating multimedia content (e.g., video editing, graphic design) for awareness campaigns.
• Public speaking skills and confidence in presenting to diverse audiences.
• Strong problem-solving and critical-thinking skills for addressing complex training needs.
• Experience developing data-driven strategies to improve training program impact and employee behavior.
• Demonstrated ability to collaborate across diverse teams and levels of leadership.
• Self-starter with the ability to work independently and drive initiatives in a matrixed organization.
• Proven ability to manage multiple projects with competing priorities.

Nice-to-haves

• 3 or more years of experience in a related field is preferred.
• At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare or similarly regulated industries preferred
• Proven track record managing phishing simulation programs and security training platforms (e.g., KnowBe4, LMS).
• Experience creating and executing large-scale awareness campaigns using multimedia tools
• Bachelor’s degree in Information Security, Computer Science, Communications, or a related field is preferred.
• Relevant certifications (e.g., CISSP, CISM, CISA, or GIAC) are a plus.
• Experience in large healthcare systems or regulated industries.
• Familiarity with change management and integration strategies during mergers or acquisitions.
• Experience with gamified training methods or VR/AR-based security awareness tools

Benefits

• Paid time off
• Growth opportunity- Career Pathways & Career Tuition Assistance, CEU opportunities
• Academic Partnership with the Medical College of Wisconsin
• Referral bonuses
• Retirement plan - 403b
• Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics
• Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available

Apply To This Job