Sr. Security Analyst - GRC jobs in United States
This job has closed.

Jostens · 3 weeks ago

Sr. Security Analyst - GRC

Jostens is a leader in the student commemoration market and has been serving local communities for over 125 years. The Sr. Security Analyst - GRC is responsible for leading governance, risk management, and compliance activities to ensure the organization's information systems meet cybersecurity and regulatory requirements.

Industries: Consumer Goods · Manufacturing · Retail
H1B Sponsor Likely

Responsibilities

Develop, maintain, and enhance information security policies, standards, procedures, and control documentation to align with organizational objectives and regulatory requirements
Support the execution of the Information Security governance framework and alignment with enterprise risk management practices
Ensure governance artifacts are reviewed, approved, communicated, and consistently applied across the organization
Lead and coordinate ongoing compliance activities for PCI DSS, SOC 2, and SOX, ensuring continuous alignment with control requirements
Serve as a platform owner and administrator for security governance and assurance platforms (e.g., ZenGRC) and security awareness platforms (e.g., KnowBe4)
Perform independent assessments of management, operational, and technical security controls to evaluate control design, implementation, and operating effectiveness
Identify, document, assess, and communicate information security risks, including inherent risk, residual risk, and control gaps; assist with Risk Registry management
Facilitate risk assessments for new systems, applications, cloud services, and material changes
Support risk treatment, remediation tracking, and formal risk acceptance processes
Ensure appropriate documentation, evidence, and traceability are maintained to support internal and external assurance activities
Administer and continuously improve the enterprise security awareness and training program
Manage and optimize the Training and Awareness platform, including training campaigns, phishing simulations, assignments, and reporting
Analyze awareness metrics (e.g., training completion, phishing susceptibility, trends) and present actionable insights to leadership
Partner with HR, IT, and Communications to promote a strong, security-aware culture
Provide guidance and subject matter expertise to IT, engineering, and business teams on security, risk, and compliance requirements
Develop and deliver targeted training and enablement sessions for technical and non-technical audiences
Define, develop, and maintain security, risk, and compliance metrics that support executive oversight and risk governance
Establish and maintain key compliance metrics aligned to organizational risk tolerance
Prepare dashboards, reports, and executive-level summaries that clearly communicate risk posture, trends, and areas requiring attention
Use data and metrics to drive remediation prioritization and continuous improvement initiatives

Qualification

Governance Risk Compliance · Information Security Policies · Risk Management · GRC Tools · Data Analysis Tools · PCI DSS Compliance · SOC 2 Compliance · Security Awareness Training · Communication Skills · Problem Solving · Decision Making

Required

Minimum of 5 years of Information Security experience in a combination of Risk Management and Compliance roles
Experience with process automation tools such as ServiceNow, Jira, MS Flow, etc
Knowledge of applicable industry rules (ISO27001, NIST, GDPR, CCPA, PCI, SOX, etc.) and expertise in Information Security best practices
Knowledge of IT Risk Management policies, requirements, tools, and procedures
Bachelor's degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity, or other applicable area, or related work experience
Proven track record of applying data analysis tools (e.g., Excel, Power BI) to analyze complex datasets, identify trends, and drive informed risk and compliance decisions
Experience prioritizing and managing multiple projects with competing priorities
Experience with GRC tools and reporting
Experience supporting PCI DSS and/or SOC 2 compliance programs in a regulated environment
Experience with Data Classification practices
Ability to understand and communicate technical information in understandable business terms
Excellent in-person and virtual communication, business writing, and presentation skills
Strong influencing, problem-solving, and decision-making skills

Preferred

Certification applicable to a role in Information Security Governance, Risk, and Compliance is preferred

Benefits

Competitive healthcare (health, dental, and vision coverage)
Voluntary benefits, including home and car insurance, pet insurance, a flexible spending account
401(k) plan with immediate vesting
Hybrid schedule with on-site work 3 days a week
Accrued paid time off and company-paid holidays
Tuition reimbursement after 6 months of service

Company

Jostens

Jostens provides school related products in the United States.

H1B Sponsorship

Jostens has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship, with job fields similar to this job highlighted]
Trends of Total Sponsorships:
2023: 3
2020: 1

Funding

Current Stage
Late Stage
Total Funding
$640M
Key Investors
Koch Equity Development
2024-11-12 · Private Equity · $450M
2024-11-12 · Debt Financing · $190M
2018-12-26 · Acquired

Leadership Team

Michael Burgess, Chief Executive Officer
Alejandro Montoya, Chief Financial Officer
Company data provided by crunchbase