
Cybersecurity GRC Analyst, Training & Awareness, FCH - IT - Security

Job in Menomonee Falls, Waukesha County, Wisconsin, 53051, USA
Listing for: Froedtert Health
Apprenticeship/Internship position
Listed on 2026-01-01
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below

Location: Menomonee Falls, WI (WOODLAND PRIME 400 facility) – Remote

FTE: 1.0 – Standard Hours: 40.00 – Shift: Shift 1

Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs.

Position Responsibilities
  • Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (HIPAA, PCI DSS, Joint Commission).
  • Design role-based training for diverse audiences including clinicians, administrative staff, IT teams, and executives.
  • Continuously refine training materials to incorporate emerging threats and stakeholder feedback.
  • Build, enhance, and execute a dynamic phishing simulation program addressing sector‑specific threats such as ransomware and patient data phishing schemes.
  • Analyze simulation metrics and provide actionable insights to improve employee awareness.
  • Develop and maintain educational material to support cybersecurity initiatives.
  • Deliver targeted follow‑up training for individuals or teams with repeated simulation failures.
  • Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention.
  • Design and execute large‑scale security awareness campaigns, ensuring alignment with cultural transformation goals.
  • Partner with leadership to create impactful security messaging and content tailored to high‑risk roles.
  • Ensure training programs align with healthcare‑specific regulations and standards such as HIPAA, PCI DSS, and Joint Commission.
  • Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives.
  • Provide support for audits and regulatory reviews by showcasing training program effectiveness.
  • Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives.
  • Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement.
  • Prepare reports and presentations for leadership highlighting program impact and alignment with organizational goals.
  • Partner with IT, Risk Management, and Clinical Operations teams to integrate training initiatives seamlessly across the organization.
  • Lead security awareness efforts during organizational transitions, such as the Froedtert‑ThedaCare merger, ensuring program consistency and harmonization.
  • Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance.
  • Assist with routine GRC activities such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests.
  • Support the documentation and dissemination of cybersecurity policies, standards, and procedures.
Desired Experience
  • 1‑3 years of experience in a related field (preferred 3+ years).
  • At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare.
  • Proven track record managing phishing simulation programs and security training platforms (KnowBe4, LMS).
  • Experience creating and executing large‑scale awareness campaigns using multimedia tools.
Education
  • Bachelor’s degree in Computer Science, Information Security, Communications, or related field. Equivalent experience acceptable.
  • Relevant certifications (CISSP, CISM, CISA, GIAC) are a plus.
Core Skills
  • Knowledge of healthcare regulations and cybersecurity frameworks (HIPAA, HITECH, NIST CSF, HITRUST).
  • Proficiency with phishing simulation platforms and LMS tools.
  • Strong communication, writing, public speaking, multimedia content creation.
  • Analytical and strategic thinking.
  • Collaboration and leadership skills.
  • Change management experience during mergers or acquisitions.
Compens…