
Sr. Security Analyst - GRC

Job in Minneapolis, Hennepin County, Minnesota, 55400, USA
Listing for: Jostens
Full Time position
Listed on 2026-01-07
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

SR. SECURITY ANALYST - GRC

ABOUT YOU:

The Sr. Security Analyst - GRC is responsible for leading and executing governance, risk management, and compliance activities that ensure Jostens’ enterprise information systems, applications, and third-party services meet established cybersecurity, privacy, and regulatory requirements. The role serves as a subject matter expert and trusted advisor across Information Security, IT, Legal, Privacy, and business stakeholders. The analyst independently evaluates security controls, manages GRC and privacy platforms, develops meaningful risk and compliance metrics, and drives continuous improvement of the organization’s security governance and awareness posture.

YOU WILL:
  • Governance, Compliance, and Program Support. Develop, maintain, and enhance information security policies, standards, procedures, and control documentation to align with organizational objectives and regulatory requirements. Support the execution of the Information Security governance framework and alignment with enterprise risk management practices. Ensure governance artifacts are reviewed, approved, communicated, and consistently applied across the organization. Lead and coordinate ongoing compliance activities for PCI DSS, SOC 2, and SOX, ensuring continuous alignment with control requirements.

    Serve as a platform owner and administrator for security governance and assurance platforms (e.g., ZenGRC) and security awareness platforms (e.g., KnowBe4).

  • Risk Management & Control Assurance. Perform independent assessments of management, operational, and technical security controls to evaluate control design, implementation, and operating effectiveness. Identify, document, assess, and communicate information security risks, including inherent risk, residual risk, and control gaps; assist with Risk Registry management. Facilitate risk assessments for new systems, applications, cloud services, and material changes. Support risk treatment, remediation tracking, and formal risk acceptance processes.

    Ensure appropriate documentation, evidence, and traceability are maintained to support internal and external assurance activities.

  • Security Awareness & Training Program. Administer and continuously improve the enterprise security awareness and training program. Manage and optimize the Training and Awareness platform, including training campaigns, phishing simulations, assignments, and reporting. Analyze awareness metrics (e.g., training completion, phishing susceptibility, trends) and present actionable insights to leadership. Partner with HR, IT, and Communications to promote a strong, security-aware culture. Provide guidance and subject matter expertise to IT, engineering, and business teams on security, risk, and compliance requirements.

    Develop and deliver targeted training and enablement sessions for technical and non-technical audiences.

  • Metrics, Reporting & Continuous Improvement. Define, develop, and maintain security, risk, and compliance metrics that support executive oversight and risk governance. Establish and maintain key compliance metrics aligned to organizational risk tolerance. Prepare dashboards, reports, and executive-level summaries that clearly communicate risk posture, trends, and areas requiring attention. Use data and metrics to drive remediation prioritization and continuous improvement initiatives.

  • Typical/Expected % of Overnight Travel. Less than 5% annually.

YOU HAVE:

  • Experience. Minimum of 5 years of Information Security experience in a combination of Risk Management and Compliance roles.

    Experience with process automation tools such as ServiceNow, Jira, MS Flow, etc. Knowledge of applicable industry rules (ISO 27001, NIST, GDPR, CCPA, PCI, SOX, etc.) and expertise in Information Security best practices. Knowledge of IT Risk Management policies, requirements, tools, and procedures.

  • Education. Bachelor’s degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity, or other applicable area, or related work experience. Certification applicable to a role in Information Security Governance, Risk, and Compliance is preferred.

  • Strategic Drive. Proven…
