Froedtert Health
Cybersecurity GRC Analyst, Training & Awareness, FCH - IT - SECURITY
Froedtert Health, Menomonee Falls, Wisconsin, United States, 53051
Location: Menomonee Falls, WI (WOODLAND PRIME 400 facility) – Remote
FTE: 1.0
Standard Hours: 40.00
Shift: Shift 1
Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs.
Position Responsibilities
Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (HIPAA, PCI DSS, Joint Commission).
Design role-based training for diverse audiences including clinicians, administrative staff, IT teams, and executives.
Continuously refine training materials to incorporate emerging threats and stakeholder feedback.
Build, enhance, and execute a dynamic phishing simulation program addressing sector‑specific threats such as ransomware and patient data phishing schemes.
Analyze simulation metrics and provide actionable insights to improve employee awareness.
Develop and maintain educational material to support cybersecurity initiatives.
Deliver targeted follow‑up training for individuals or teams with repeated simulation failures.
Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention.
Design and execute large‑scale security awareness campaigns, ensuring alignment with cultural transformation goals.
Partner with leadership to create impactful security messaging and content tailored to high‑risk roles.
Ensure training programs align with healthcare‑specific regulations and standards such as HIPAA, PCI DSS, and Joint Commission.
Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives.
Provide support for audits and regulatory reviews by showcasing training program effectiveness.
Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives.
Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement.
Prepare reports and presentations for leadership highlighting program impact and alignment with organizational goals.
Partner with IT, Risk Management, and Clinical Operations teams to integrate training initiatives seamlessly across the organization.
Lead security awareness efforts during organizational transitions, such as the Froedtert‑ThedaCare merger, ensuring program consistency and harmonization.
Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance.
Assist with routine GRC activities such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests.
Support the documentation and dissemination of cybersecurity policies, standards, and procedures.
Desired Experience
1‑3 years of experience in a related field (preferred 3+ years).
At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare.
Proven track record managing phishing simulation programs and security training platforms (KnowBe4, LMS).
Experience creating and executing large‑scale awareness campaigns using multimedia tools.
Education
Bachelor’s degree in Computer Science, Information Security, Communications, or related field. Equivalent experience acceptable.
Relevant certifications (CISSP, CISM, CISA, GIAC) are a plus.
Core Skills
Knowledge of healthcare regulations and cybersecurity frameworks (HIPAA, HITECH, NIST CSF, HITRUST).
Proficiency with phishing simulation platforms and LMS tools.
Strong communication, writing, public speaking, and multimedia content creation skills.
Analytical and strategic thinking.
Collaboration and leadership skills.
Change management experience during mergers or acquisitions.
Compensation, Benefits & Perks
Pay range: $37.95 – $64.92 per hour (based on experience).
Paid time off
Career Pathways & Tuition Assistance
Medical, Dental, Vision, Life Insurance, Short & Long Term Disability
Retirement plan – 403(b)
Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, moving assistance, discounts on gym memberships, travel and other work‑life benefits.
Equal Opportunity Statement
We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status. We maintain a drug‑free workplace and perform pre‑employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262-439-1961. We will attempt to fulfill all reasonable accommodation requests.