Cybersecurity GRC Analyst
Edina, MN Information Technology
Job Type
Full-time
Description

Who are we?

Western National Insurance Group is a private mutual insurance company with over 120 years of experience serving customers' property-and-casualty insurance needs in the Midwestern, Northwestern, and Southwestern United States. Known as “The Relationship Company®,” we define success as a measure of the relationships we’ve built over time. In everything that we do, we know that delivering a friendly and helpful interaction makes for a better experience for everyone involved. That’s the power of “nice”. At Western National, nice is something we work to bring to every person and organization we partner with and serve.


Does this opportunity interest you?

Western National is seeking a Cybersecurity GRC Analyst to join our team!


The individual in this role will have the opportunity to strengthen the organization’s information security program by supporting regulatory compliance, managing third-party security risk, advancing security framework maturity, leading security awareness initiatives, and delivering meaningful security metrics that enable informed business decisions.


What are the responsibilities and opportunities of this role?

  • Supports insurance-related regulatory compliance by maintaining audit-ready documentation and coordinating timely and accurate regulatory filings across multiple states.
  • Partners with vendor management, legal, and business stakeholders to integrate security requirements throughout the vendor lifecycle.
  • Performs security risk assessments of third-party vendors and service providers and tracks remediation activities.
  • Maintains the vendor risk register and monitors progress toward risk mitigation objectives.
  • Serves as the Information Security Team's primary point of contact for state insurance departments, auditors, and compliance-related inquiries.
  • Designs, coordinates, and executes the organization's security awareness training program.
  • Develops targeted awareness campaigns focused on phishing, social engineering, and secure behaviors across the organization.
  • Creates and distributes security awareness communications, including newsletters, alerts, and announcements.
  • Tracks training participation, measures program effectiveness, and recommends continuous improvements.
  • Maps existing security controls to recognized frameworks, such as NIST Cybersecurity Framework (CSF), CIS Controls, and NYDFS requirements.
  • Conducts security framework gap assessments and develops recommendations to improve organizational maturity.
  • Supports evidence collection for internal audits, regulatory reviews, and annual maturity assessments.
  • Defines, tracks, and reports key risk indicators (KRIs) and key performance indicators (KPIs) for the information security program.
  • Develops dashboards and reports that provide leadership visibility into security compliance, awareness, incident response, and program performance.
  • Assists information security leadership with executive reporting and board presentation materials.
  • Exercises sound judgment when identifying compliance gaps, prioritizing work, and escalating security risks.
  • Recommends process improvements that strengthen governance, documentation, compliance activities, and security awareness efforts.
  • Consistently acts according to our customer experience standards, including responding quickly, maintaining a positive attitude, building rapport, demonstrating empathy, managing the customer's expectations, using the proper communication channel for the situation, and taking ownership to ensure the customer's issue is resolved.
  • Performs special projects and other duties as assigned.
Requirements

What are the must-have qualifications for a candidate? 

  • Two-plus years of experience in governance, risk, and compliance (GRC); compliance; cybersecurity; or security awareness roles.
  • Strong understanding of security and regulatory frameworks, such as NIST CSF, CIS Controls, COBIT, and similar standards.
  • Experience supporting regulatory audits, evidence collection, or third-party compliance assessments.
  • Experience conducting vendor security risk assessments and documenting remediation activities.
  • Strong understanding of governance, risk, and compliance concepts.
  • Excellent organizational, written, verbal, and interpersonal communication skills.
  • Proficient use of Microsoft Office applications, including Excel, PowerPoint, and Word.
  • Ability to analyze information, identify trends, and communicate recommendations effectively.
  • Bachelor's degree in communications, business, or a related field or equivalent relevant experience.

What will our ideal candidate have?

  • Experience using governance, risk, and compliance platforms, such as Drata, Vanta, OneTrust, or Archer.
  • Knowledge of state insurance regulations and compliance reporting requirements.
  • Experience developing or leading security awareness and phishing simulation programs.
  • Experience supporting vendor management or third-party security review processes.
  • Experience developing executive dashboards and security performance reporting.
  • Professional certifications, such as CompTIA Security+, CISA, CRISC, or other governance, risk, and compliance-related credentials.
  • Experience within the insurance, financial services, or healthcare industry.

Compensation overview

The targeted hiring range for this role is $66,300 - $114,290 annually. However, the base pay offered may vary depending on the job-related knowledge, skills, credentials, and experience of each candidate as well as other factors such as the scope and location of the role. Candidates looking for compensation outside of the posted range are encouraged to apply and will be considered based on their individual qualifications and/or may be considered for other positions.


Culture and Total Rewards

Western National has long been known as “The Relationship Company®” and caring for our employees is part of that relationship commitment. We value connectiveness, empowerment, and accountability, and we believe that our employees are our biggest asset. 


Currently ranked as the 41st largest private company by revenue in Minnesota (Minneapolis/St. Paul Business Journal), Western National has earned accolades year-over-year as an employer of choice and garnered multiple awards for wellness in the workplace. Western National has also been named a Top Workplace by the Star Tribune for consecutive years. In addition, the Group is consistently recognized as a Ward’s 50 property-and-casualty insurance company for its outstanding financial results.


Western National offers full-time employees a significant Total Rewards Package, including:

  • Medical insurance plan options and other standard employee benefits, including dental insurance, vision benefits, life insurance, disability insurance, and more!
  • Health Savings Accounts (HSA) and Flexible Spending Accounts (FSA)
  • 401(k) Plan (participants are eligible for 100% matching on the first 6% of their contributions)
  • Wellbeing Program, including onsite fitness studio
  • Paid Time Off – including holiday, vacation, and volunteer
  • 100% company-paid tuition reimbursement for approved job-relevant coursework and access to The Institutes (Risk and insurance education)
  • Paid parental leave
  • Bonus opportunities

Western National believes in supporting balance between work and life by providing a flexible work environment, which includes a variety of hybrid and remote work arrangements designed to balance individual, job, department, and company needs. 


Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time.


Western National provides employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

Salary Description
$66,300 - $114,290