Cybersecurity GRC Analyst, Training & Awareness, FCH - IT - SECURITY

Remote Full-time
About the position

Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs. The successful candidate will focus on cybersecurity awareness, phishing program operations, cybersecurity training, and GRC concepts while fostering cultural engagement and workforce behavioral change through creative and innovative initiatives. You will partner with cross-functional teams to address cybersecurity risks in clinical and non-clinical environments, ensure regulatory compliance, and contribute to the harmonization of cybersecurity programs across the Froedtert ThedaCare ecosystem.

Responsibilities
• Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (e.g., HIPAA, PCI DSS, and Joint Commission requirements).
• Design role-based training for diverse audiences, including clinicians, administrative staff, IT teams, and executives.
• Continuously refine training materials to incorporate emerging threats, organizational changes, and stakeholder feedback.
• Build, enhance, and execute a dynamic, reality-based phishing simulation program, addressing sector-specific threats such as ransomware and patient data phishing schemes.
• Analyze simulation metrics and provide actionable insights to improve employee awareness and reduce risks.
• Develop and maintain educational material to support cybersecurity initiatives and training activities.
• Deliver targeted follow-up training for individuals or teams with repeated simulation failures.
• Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention.
• Design and execute large-scale security awareness campaigns, ensuring alignment with cultural transformation goals.
• Partner with leadership to create impactful security messaging and content tailored to high-risk roles.
• Ensure training programs align with healthcare-specific regulations and standards, including HIPAA, PCI DSS, and Joint Commission requirements.
• Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives.
• Provide support for audits and regulatory reviews by showcasing training program effectiveness.
• Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives.
• Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement.
• Prepare reports and presentations for leadership to highlight program impact and align with organizational goals.
• Partner with IT, Risk Management, and Clinical Operations teams to ensure training initiatives integrate seamlessly across the organization.
• Lead security awareness efforts during organizational transitions, such as the Froedtert-ThedaCare merger, ensuring program consistency and harmonization.
• Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance.
• Assist with routine GRC activities, such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests.
• Collaborate with the Risk Management team to align training efforts with identified risk scenarios, ensuring targeted mitigation strategies.
• Support the documentation and dissemination of cybersecurity policies, standards, and procedures.
• Assist in the lifecycle management of GRC documentation, ensuring alignment with training content and awareness initiatives.

Requirements
• 1 - 3 years of experience in a related field.
• BA in Computer Science or related field is required or equivalent acquired through combination of education and experience.
• In-depth knowledge of healthcare regulations and cybersecurity frameworks, including HIPAA, HITECH, NIST CSF, and HITRUST.
• Proficiency with phishing simulation platforms (e.g., KnowBe4) and LMS tools.
• Familiarity with behavioral analytics and metrics for tracking training effectiveness.
• Exceptional written and verbal communication skills, with the ability to craft messaging for technical and non-technical audiences.
• Experience creating multimedia content (e.g., video editing, graphic design) for awareness campaigns.
• Public speaking skills and confidence in presenting to diverse audiences.
• Strong problem-solving and critical-thinking skills for addressing complex training needs.
• Experience developing data-driven strategies to improve training program impact and employee behavior.
• Demonstrated ability to collaborate across diverse teams and levels of leadership.
• Self-starter with the ability to work indep
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

988 Crisis Counselor - Part Time – Amazon Store

Remote

Licensed Appeal Writer Remote

Remote

Operations Business Analyst - Remote / Hybrid

Remote

Experienced US-Based Remote Data Entry Specialist – Accurate Data Management and Entry for Innovative blithequark Team

Remote

Experienced Full Stack Senior Analyst - Airport Client Services Resource Planning with Predictive Modeling and Analytics for Delta Air Lines Remote

Remote

Remote Customer Care Social Media Assistant - Work from Anywhere

Remote

Senior Designer, Corporate Communications

Remote

Experienced Work from Home: Remote Customer Service Advisor – Deliver Exceptional Experiences with careerzynith

Remote

Claims Operations Director

Remote

Pharmacist Centralized Services Work From Home - NY

Remote
← Back