Alerted.org


  • Sr. Security Analyst - GRC

    Jostens (Minneapolis, MN)




    SR. SECURITY ANALYST - GRC

    ABOUT YOU:

    The Sr. Security Analyst - GRC is responsible for leading and executing governance, risk management, and compliance activities that ensure Jostens’ enterprise information systems, applications, and third-party services meet established cybersecurity, privacy, and regulatory requirements. The role serves as a subject matter expert and trusted advisor across Information Security, IT, Legal, Privacy, and business stakeholders. The analyst independently evaluates security controls, manages GRC and privacy platforms, develops meaningful risk and compliance metrics, and drives continuous improvement of the organization’s security governance and awareness posture.

    YOU WILL:

    + Governance, Compliance, and Program Support. Develop, maintain, and enhance information security policies, standards, procedures, and control documentation to align with organizational objectives and regulatory requirements. Support the execution of the Information Security governance framework and alignment with enterprise risk management practices. Ensure governance artifacts are reviewed, approved, communicated, and consistently applied across the organization. Lead and coordinate ongoing compliance activities for PCI DSS, SOC 2, and SOX, ensuring continuous alignment with control requirements. Serve as a platform owner and administrator for security governance and assurance platforms (e.g., ZenGRC) and security awareness platforms (e.g., KnowBe4).

    + Risk Management & Control Assurance. Perform independent assessments of management, operational, and technical security controls to evaluate control design, implementation, and operating effectiveness. Identify, document, assess, and communicate information security risks, including inherent risk, residual risk, and control gaps; assist with Risk Registry management. Facilitate risk assessments for new systems, applications, cloud services, and material changes. Support risk treatment, remediation tracking, and formal risk acceptance processes. Ensure appropriate documentation, evidence, and traceability are maintained to support internal and external assurance activities.

    + Security Awareness & Training Program. Administer and continuously improve the enterprise security awareness and training program. Manage and optimize the Training and Awareness platform, including training campaigns, phishing simulations, assignments, and reporting. Analyze awareness metrics (e.g., training completion, phishing susceptibility, trends) and present actionable insights to leadership. Partner with HR, IT, and Communications to promote a strong, security-aware culture. Provide guidance and subject matter expertise to IT, engineering, and business teams on security, risk, and compliance requirements. Develop and deliver targeted training and enablement sessions for technical and non-technical audiences.

    + Metrics, Reporting & Continuous Improvement. Define, develop, and maintain security, risk, and compliance metrics that support executive oversight and risk governance. Establish and maintain key compliance metrics aligned to organizational risk tolerance. Prepare dashboards, reports, and executive-level summaries that clearly communicate risk posture, trends, and areas requiring attention. Use data and metrics to drive remediation prioritization and continuous improvement initiatives.

    + Typical/Expected % of Overnight Travel. Less than 5% annually.

    YOU HAVE:

    + Experience. Minimum of 5 years of Information Security experience in a combination of Risk Management and Compliance roles. Experience with process automation tools such as ServiceNow, Jira, MS Flow, etc. Knowledge of applicable industry rules (ISO27001, NIST, GDPR, CCPA, PCI, SOX, etc.) and expertise in Information Security best practices. Knowledge of IT Risk Management policies, requirements, tools, and procedures.

    + Education. Bachelor’s degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity, or other applicable area, or related work experience. Certification applicable to a role in Information Security Governance, Risk, and Compliance is preferred.

    + Strategic Drive. Proven track record of applying data analysis tools (e.g., Excel, Power BI) to analyze complex datasets, identify trends, and drive informed risk and compliance decisions. Experience prioritizing and managing multiple projects with competing priorities.

    + Technical Skills. Experience with GRC tools and reporting. Experience supporting PCI DSS and/or SOC 2 compliance programs in a regulated environment. Experience with Data Classification practices.

    + Great Communication Skills. Ability to understand and communicate technical information in understandable business terms. Excellent in-person and virtual communication, business writing, and presentation skills. Strong influencing, problem-solving, and decision-making skills.

    LOVE WHERE YOU WORK:

    + We care about your health. We offer competitive healthcare (health, dental, vision, coverage) in addition to voluntary benefits, including home and car insurance, pet insurance, a flexible spending account, among many more.

    + We invest in your future. Our 401K plan has immediate vesting, so you can start saving for retirement right away.

    + We believe in flexibility. We offer a hybrid schedule with on-site work 3 days a week.

    + We want you to unplug when needed. We believe in taking your time off without guilt and offer accrued paid time off and company-paid holidays. *For Washington residents, you will receive 13 vacation days, 8 paid sick leave, 8 company-paid holidays, and family paid leave.

    + We care about your development. We support tuition reimbursement after 6 months of service.

    + We believe in pay transparency. The salary range is $90,000 to $100,000 (depending on qualifications) with annual bonus eligibility.

     

    APPLICATION DEADLINE: January 30, 2026.

    ABOUT US:

    Jostens leads the student commemoration market and has been serving local communities for over 125 years. We work with thousands of K-12 schools, colleges, and universities each year, and have the honor of partnering with beloved sports teams and esteemed organizations across the country. Our iconic products — like yearbooks, letter jackets, class jewelry, and championship rings — keep meaningful traditions alive and inspire millions of people to celebrate their unique stories, milestone moments, and biggest accomplishments every year. We have 13 first-class facilities across the globe, from North America to the Caribbean. Watch a short video about us here (https://f.io/HIAsH659) .

    ALL ABOUT TECHNOLOGY:

    Our Technology organization combines planning, analysis, and development in combination with both enterprise retail and manufacturing platforms, as well as custom development using primarily Java, web services, and web application frameworks like ReactJS/NodeJS. The Technology organization manages priorities through a centralized quarterly planning in close collaboration with business decision-making and strategy, directly supporting leadership in Marketing, Sales, Digital & Operations. Delivery is managed through typical agile, two-week scrum or Kanban methodology, leveraging a suite of Atlassian products. The Technology teams are structured organizationally to focus on key platforms and the business units that they serve. Through the utilization of best-in-class technical software, such as AWS, Tableau, SAP BPC, Oracle EBS, Salesforce, & Microsoft 360, you will get to play a critical role in determining technology solutions that steer our business. Jostens allows for a hybrid work setting that focuses on creating professional and personal development. We can’t wait to show you what our Technology Team has to offer at Jostens!

    AMERICANS WITH DISABILITIES ACT (ADA):

    Jostens is committed to the full inclusion of all qualified individuals. If reasonable accommodation is required to fully participate in the job application or interview process, or to perform the essential functions of the position, please reach out to our HR team at [email protected] or (952) 830-3300.

     

    Jostens is an Equal Opportunity Employer and complies with applicable employment laws. EOE/M/F/Vet/Disabled are encouraged to apply.

     

    California Privacy Policy: https://www.jostens.com/about/california-employee-privacy-policy



© 2025 Alerted.org