More jobs:
Cybersecurity GRC Analyst
Job in
Edina, Hennepin County, Minnesota, USA
Listed on 2026-07-13
Listing for:
Western National Insurance
Full Time, Seasonal/Temporary
position Listed on 2026-07-13
Job specializations:
-
IT/Tech
Information Security, Cybersecurity
Job Description & How to Apply Below
Western National Insurance Group is a private mutual insurance company with over 120 years of experience serving customers' property-and-casualty insurance needs in the Midwestern, Northwestern, and Southwestern United States.
Job Type: Full-time
Job SummaryWestern National is seeking a Cybersecurity GRC Analyst to strengthen the organization’s information security program by supporting regulatory compliance, managing third‑party security risk, advancing security framework maturity, leading security awareness initiatives, and delivering meaningful security metrics that enable informed business decisions.
Responsibilities- Supports insurance-related regulatory compliance by maintaining audit‑ready documentation and coordinating timely and accurate regulatory filings across multiple states.
- Partners with vendor management, legal, and business stakeholders to integrate security requirements throughout the vendor lifecycle.
- Performs security risk assessments of third‑party vendors and service providers and tracks remediation activities.
- Maintains the vendor risk register and monitors progress toward risk mitigation objectives.
- Serves as the Information Security Team's primary point of contact for state insurance departments, auditors, and compliance‑related inquiries.
- Designs, coordinates, and executes the organization's security awareness training program.
- Develops targeted awareness campaigns focused on phishing, social engineering, and secure behaviors across the organization.
- Creates and distributes security awareness communications, including newsletters, alerts, and announcements.
- Tracks training participation, measures program effectiveness, and recommends continuous improvements.
- Maps existing security controls to recognized frameworks, such as NIST Cybersecurity Framework (CSF), CIS Controls, and NYDFS requirements.
- Conducts security framework gap assessments and develops recommendations to improve organizational maturity.
- Supports evidence collection for internal audits, regulatory reviews, and annual maturity assessments.
- Defines, tracks, and reports key risk indicators (KRIs) and key performance indicators (KPIs) for the information security program.
- Develops dashboards and reports that provide leadership visibility into security compliance, awareness, incident response, and program performance.
- Assists information security leadership with executive reporting and board presentation materials.
- Exercises sound judgment when identifying compliance gaps, prioritizing work, and escalating security risks.
- Recommends process improvements that strengthen governance, documentation, compliance activities, and security awareness efforts.
- Consistently acts according to our customer experience standards.
- Performs special projects and other duties as assigned.
- Two-plus years of experience in governance, risk, and compliance (GRC); compliance; cybersecurity; or security awareness roles.
- Strong understanding of security and regulatory frameworks, such as NIST CSF, CIS Controls, COBIT, and similar standards.
- Experience supporting regulatory audits, evidence collection, or third‑party compliance assessments.
- Experience conducting vendor security risk assessments and documenting remediation activities.
- Strong understanding of governance, risk, and compliance concepts.
- Excellent organizational, written, verbal, and interpersonal communication skills.
- Proficient use of Microsoft Office applications, including Excel, PowerPoint, and Word.
- Ability to analyze information, identify trends, and communicate recommendations effectively.
- Bachelor's degree in communications, business, or a related field or equivalent relevant experience.
- Experience using governance, risk, and compliance platforms, such as Drata, Vanta, One Trust, or Archer.
- Knowledge of state insurance regulations and compliance reporting requirements.
- Experience developing or leading security awareness and phishing simulation programs.
- Experience supporting vendor management or third‑party security review processes.
- Experience developing executive dashboards and security performance reporting.
- Professional certifications, such as CompTIA…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×