SR. SECURITY ANALYST - GRC
ABOUT YOU: The Sr. Security Analyst - GRC is responsible for leading and executing governance, risk management and compliance activities that ensure Jostens' enterprise information systems, applications and third-party services meet established cybersecurity, privacy and regulatory requirements.
The role serves as a subject matter expert and trusted advisor across Information Security, IT, Legal, Privacy and business stakeholders. The analyst independently evaluates security controls, manages GRC and privacy platforms, develops meaningful risk and compliance metrics, and drives continuous improvement of the organization's security governance and awareness posture.
YOU WILL:
Governance, Compliance and Program Support.
- Develop, maintain and enhance information security policies, standards, procedures and control documentation to align with organizational objectives and regulatory requirements.
- Support the execution of the Information Security governance framework and its alignment with enterprise risk management practices.
- Ensure governance artifacts are reviewed, approved, communicated and consistently applied across the organization.
- Lead and coordinate ongoing compliance activities for PCI DSS, SOC 2 and SOX, ensuring continuous alignment with control requirements.
- Serve as platform owner and administrator for security governance and assurance platforms (e.g. ZenGRC) and security awareness platforms (e.g. KnowBe4).
Risk Management & Control Assurance.
- Perform independent assessments of management, operational and technical security controls to evaluate control design, implementation and operating effectiveness.
- Identify, document, assess and communicate information security risks, including inherent risk, residual risk and control gaps; assist with Risk Registry management.
- Facilitate risk assessments for new systems, applications, cloud services and material changes.
- Support risk treatment, remediation tracking and formal risk acceptance processes.
- Ensure appropriate documentation, evidence and traceability are maintained to support internal and external assurance activities.
Security Awareness & Training Program.
- Administer and continuously improve the enterprise security awareness and training program, and optimize the Training and Awareness platform, including training campaigns, phishing simulations, assignments and reporting.
- Analyze awareness metrics (e.g. training completion, phishing susceptibility trends) and present actionable insights with HR, IT and Communications to promote a strong security-aware culture.
- Provide guidance and subject matter expertise to IT, engineering and business teams on security, risk and compliance requirements.
- Develop and deliver targeted training and enablement sessions for technical and non-technical audiences.
Metrics, Reporting & Continuous Improvement.
- Define, develop and maintain security, risk and compliance metrics that support executive oversight and risk governance.
- Establish and maintain key compliance metrics aligned to organizational risk tolerance.
- Prepare dashboards, reports and executive-level summaries that clearly communicate risk posture, trends and areas requiring attention.
- Use data and metrics to drive remediation prioritization and continuous improvement initiatives.
Typical/Expected % of Overnight Travel: Less than 5% annually.
YOU HAVE:
- Experience. Minimum of 5 years of Information Security experience in a combination of Risk Management and Compliance, with process automation tools such as ServiceNow, Jira and MS Flow; knowledge of applicable industry rules (ISO 27001, NIST, GDPR, CCPA, PCI, SOX, etc.); and expertise in Information Security best practices and IT Risk Management policies, requirements, tools and procedures.
- Education. Bachelor's degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity or another applicable area, or related work experience. Certification applicable to a role in Information Security Governance, Risk and Compliance is preferred.
- Strategic Drive. Proven track record of applying data analysis tools (e.g. Excel, Power BI) to analyze complex datasets, identify trends and drive informed risk and compliance decisions, while prioritizing and managing multiple projects with competing priorities.
- Technical Skills. Experience with GRC tools and supporting PCI DSS and/or SOC 2 compliance programs in a regulated environment, along with Data Classification practices.
- Great Communication Skills. Ability to understand and communicate technical information in understandable business terms; strong in-person and virtual communication, business writing and presentation skills. Strong influencing, problem-solving and decision-making skills.
LOVE WHERE YOU WORK: We care about your health. We offer competitive healthcare (health, dental and vision coverage) in addition to voluntary benefits including home and car insurance, pet insurance and a flexible spending account, among many more. We invest in your future. Our 401(k) plan has immediate vesting, so you can start saving for retirement right away. We believe in flexibility. We offer a hybrid schedule with on-site work 3 days a week. We want you to unplug when needed. We believe in taking your time off without guilt and offer accrued paid time off and company-paid holidays. *For Washington residents, you will receive 13 vacation days, 8 paid sick leave days, 8 company-paid holidays and family paid leave. We care about your development. We support tuition reimbursement after 6 months of service. We believe in pay transparency. The salary range is $90,000 to $100,000 (depending on qualifications) with annual bonus eligibility.
APPLICATION DEADLINE: January 30, 2026.
ABOUT US: Jostens leads the student commemoration market and has been serving local communities for over 125 years. We work with thousands of K-12 schools, colleges and universities each year and have the honor of partnering with beloved sports teams and esteemed organizations across the country. Our iconic products, like yearbooks, letter jackets, class jewelry and championship rings, keep meaningful traditions alive and inspire millions of people to celebrate their unique stories, milestone moments and biggest accomplishments every year. We have 13 first-class facilities across the globe, from North America to the Caribbean.
ALL ABOUT TECHNOLOGY: Our Technology organization combines planning, analysis and development across both enterprise retail and manufacturing platforms, as well as custom development using primarily Java web services and web application frameworks like ReactJS/NodeJS. The Technology organization manages priorities through centralized quarterly planning in close collaboration with business decision-making and strategy, directly supporting leadership in Marketing, Sales, Digital & Operations. Delivery is managed through typical agile two-week scrum or Kanban methodology, leveraging a suite of Atlassian products. The Technology teams are structured organizationally to focus on key platforms and the business units that they serve. Through the use of best-in-class software such as AWS, Tableau, SAP BPC, Oracle EBS, Salesforce & Microsoft 360, you will get to play a critical role in determining the technology solutions that steer our business. Jostens allows for a hybrid work setting that focuses on creating professional and personal development. We can't wait to show you what our Technology Team has to offer at Jostens!
AMERICANS WITH DISABILITIES ACT (ADA): Jostens is committed to the full inclusion of all qualified individuals. If reasonable accommodation is required to fully participate in the job application or interview process, or to perform the essential functions of the position, please reach out to our HR team at or .
Jostens is an Equal Opportunity Employer and complies with applicable employment laws. EOE/M/F/Vet/Disabled are encouraged to apply.