Duties:
As a member of the IT Security team, the Security Training and Awareness Principal contributes to a comprehensive information security program. This position will be responsible for supporting the development and execution of the client's information security training and awareness initiatives. As a member of the Office of the CISO organization, the Principal assists with security communications, educational material, and training to build organizational security awareness in a consistent and meaningful manner across all segments of the organization.
1. Assists in the development and maintenance of an enterprise security training and awareness program.
2. Assists in the operation and maintenance of a Security Phishing program.
3. Develop and deliver strategies and plans to raise the general level of security awareness at the direction of the CISO.
4. Develop, implement and maintain an enterprise security training plan for new hires and annual themed security courses.
5. Develop and disseminate security awareness communications and materials.
6. Plan and conduct security best-practices and awareness training events and learning sessions.
7. Analyze, evaluate and report on training and awareness activities.
8. Plan, manage and maintain complex, organization-wide, risk-based information security awareness campaigns and projects in support of the culture security transformation initiatives.
9. Develop and manage methods to measure the impact/effectiveness of awareness and culture projects to meet the organization’s KPIs.
10. Support and assist with the information security roadmap and provide new ideas and approaches for its continued success.
11. Design, develop and deliver information security presentations and communication materials.
12. Manage and support role-based and/or mandatory eLearning courses as needed.
13. Partner closely with leaders of each business segment to understand specific security training required for their team members.
14. Influence and educate leadership teams about information security best practices and safety.
15. Assist with the Office of the CISO’s security communications and delivery of security content.
Skills:
• Minimum of three years of experience in a related field
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies and standards as well as risk-related concepts to technical and nontechnical audiences at various hierarchical levels
• Extensive work experience in Information Security or Technology developing awareness programs and deliverables
• Experience working with computer-based training development tools and learning management systems
• Sound knowledge of business management and an expert knowledge of information / cybersecurity practices
• Experience responding to, analyzing, and communicating information security concerns and initiatives.
• Understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SEM, FW, Audit, Cloud Security, Mobile Security.
• Ability to work effectively in a team environment, especially with diverse personality types.
• Self-starter; ability to work independently with minimal supervision.
• Maturity to accept direction, confidence to give direction.
• Proven ability to confidently speak and present publicly
• Excellent project management and organizational skills with the ability to meet tight and competitive deadlines
• Ability to partner effectively with peers, management and staff, and internal & external business partners and vendors
• Ability to collaborate, influence and/or lead efforts as required
• Enthusiastic – must be high-energy, motivated and driven to help your team excel
• Effective facilitation and conflict resolution skills – must be able to facilitate discussion of multiple approaches and drive resolution
• Understand that your role in the organization is broader than the details included in this particular job description
• Experience in communications, human behavior or a related field is a plus
• Knowledge of information security risk management frameworks and compliance practices.
• Understanding of common healthcare security regulations (e.g., HIPAA, Meaningful Use, PCI DSS, ISO2700x, FDA, etc.)
• Understanding of common industry security frameworks (e.g., ISO2700x, NIST CSF, NIST SP 800-53, HITRUST, etc.)
Education:
A Bachelor's in Computer Science or a similar degree is preferred.