Governance Risk & Compliance Analyst

As a GRC Analyst specializing in Cybersecurity Training and Awareness, you will be responsible for designing, implementing, and managing programs that educate employees on cybersecurity best practices, mitigate human risk, and foster a culture of security across the organization. You will lead initiatives such as phishing simulations, technical and non-technical training sessions, and awareness campaigns, collaborating with stakeholders to ensure that security knowledge is accessible and actionable. This role is not limited to these tasks and may include broader GRC responsibilities as needed.

Key Responsibilities

• Training Program Development: Design and deliver comprehensive cybersecurity training programs for technical and non-technical audiences, including onboarding, annual refreshers, and role-specific modules.
• Phishing Campaigns: Plan, execute, and analyze simulated phishing campaigns to assess and improve employee resilience against social engineering attacks.
• Awareness Initiatives: Develop engaging awareness materials (newsletters, posters, videos, etc.) to promote security best practices and keep employees informed about emerging threats.
• Cyber Awareness Month Coordination: Lead the planning, logistics, and execution of Cyber Awareness Month activities, including scheduling events, organizing speakers, developing themed content, and managing communications to maximize employee engagement and learning.
• Technical Training: Provide specialized training for IT, development, and security teams on secure coding, incident response, and advanced threat mitigation techniques.
• Non-Technical Training: Create accessible training for general staff covering password hygiene, safe browsing, email security, and data protection.
• Metrics & Reporting: Track participation, completion rates, and effectiveness of training and awareness programs. Report findings to management and recommend improvements. 
• Risk Assessment: Identify human-related security risks through surveys, assessments, and campaign results; develop targeted mitigation strategies.
• Incident Response Support: Assist in post-incident reviews to identify training gaps and update programs accordingly.
• Collaboration: Work with HR, IT, and business units to integrate security awareness into organizational processes and culture.
• Documentation: Maintain records of training activities, campaign results, and awareness initiatives for audit and compliance purposes.

Qualifications
• Bachelor’s degree in Information Systems, Cybersecurity, Education, or a related field.
• Minimum of 3 years of experience in cybersecurity, governance, risk, and compliance, with a focus on training and awareness.
• Strong understanding of security frameworks (e.g., NIST, SOC2 Type 2, ISO 27001) and regulatory requirements.

Preferred Qualifications
• Certifications such as Security Awareness Professional (SAP), CISSP, CISA, or similar.
• Experience with Learning Management Systems (LMS) and phishing simulation platforms.
• Knowledge of adult learning principles and instructional design.

Skills
• Communication & Leadership: Excellent presentation and interpersonal skills; able to engage diverse audiences and lead cross-functional initiatives.
• Analytical & Problem-Solving: Ability to assess training needs, analyze campaign data, and propose effective solutions.
• Creativity: Skilled at developing engaging and memorable awareness content.
• Attention to Detail: Thorough in documenting activities and evaluating program effectiveness.
• Technical Expertise: Familiarity with cybersecurity tools, Microsoft Office Suite, and GRC platforms.

Travel Requirements
• Typically require overnight travel less than 10% of the time.

Location
• Duluth, GA.