Reporting to the Deputy CISO, this is a hands-on security position working within the Information Risk Management (IRM) group and delivering solutions to the company at large. The core focus of this position is to develop and deliver the strategies, plans and execution support for the Information Security Training and Awareness Program. This role will develop and deliver awareness and training materials through various means including in-person, online learning, newsletters, and email. This person will work closely with functional Tech and business leads to align awareness deliverables to the highest risk activities and behaviors. The successful candidate will ensure the information security awareness program communicates security policies and requirements in a manner that is clear, action-oriented and measurable.
RESPONSIBILITIES:
Deliver an information security awareness program that effectively engages employees, resulting in measurable improvements in behavior
Partner with key teams, such as Service Desk, HR Learning, Privacy and Compliance, to develop training to support the security awareness and data protection efforts.
Proactively identify current security events, determine applicability, and develop appropriate communications
In collaboration with other IRM team members, create and distribute training or awareness communication for IRM programs
Effectively communicate organization-wide Policies and Standards to the Tech team and broader Agency and cross-functional stakeholders
Develop and implement real-time awareness capabilities triggered at the point of risky behaviors identified in incident response or other technology workflows
In coordination with the organization's technology leaders and the user community, provide solutions to reduce the risk of sensitive information workflows and develop risk mitigations and training plans
Coordinate and administer information security and privacy training through online learning management systems and in person methods.
Develop and maintain metrics measuring the results of individual campaigns and overall program effectiveness
Play an active role in the organization's security incident response efforts, working to identify and mitigate information security threats
REQUIREMENTS:
Minimum 5 years of Information Security experience with a Bachelor's Degree
Minimum 3 years' experience in a Security Awareness function
Marketing or Communications experience a plus
Prior experience defining, developing, implementing, and managing Security Awareness Programs, conducting training for security awareness, and researching emerging trends & best practices for security awareness.
Experience conducting Phishing simulations across an organization and an understanding of phishing targeted groups, phishing metrics and educating users on phishing
Ability to communicate complex messages in a clear and concise manner with stakeholders at all levels
Excellent organizational skills and ability to communicate with internal/external entities and executives
Effective leadership skills with demonstrated ability to coordinate people and teams to project/activity completion
Ability to work in a team environment sharing responsibilities
Ability to work in a flexible environment where require