We have an opening for an Information Security Awareness Manager.
This position may sit in any of our U.S. offices with a preference for Los Angeles.
The Information Security Awareness Manager is responsible for the firm’s information security awareness and training program. The goal of the program is to reduce information security risk by educating users on the role they play in protecting firm and client data and the information technology systems that house that data. In collaboration with other members of the information security team, this position will manage a broad set of activities, including: overseeing the security awareness training platform and managed services, creating and communicating information security alerts and other related campaigns, enforcing training compliance, and communicating security policies to all personnel. The Information Security Awareness Manager will also be responsible for regularly presenting reporting and metrics to leadership, and evaluating the effectiveness of techniques and resources as appropriate.
In this capacity, the Information Security Awareness Manager will:
- Develop the strategy, goals, and objectives for the information security awareness and training program;
- Drive the program toward maturity, including repeatable processes, reporting, and metrics;
- Structure and maintain this program to be long term, with a goal of changing user perception of information security and behaviors over time;
- Ensure multiple learning styles are included in the course design by using various communication channels;
- Identify the top human risks to our organization and the behaviors that need to change to mitigate those risks;
- Adapt strategy to incorporate and address emerging technologies and risks;
- Define achievable, observable, and measurable learning objectives (skills) and incorporate them into training programs;
- Ensure that our information security awareness and training program communicates firm security policies and requirements so that users know, understand, and are able to follow them;
- Evaluate the effectiveness of existing information security training, education, and awareness program/activities;
- Create a metrics framework that can effectively measure engagement, behaviors, and impact;
- Develop and enforce training compliance objectives;
- Collaborate with information security technical experts as needed to augment or further develop information security training, education, and awareness activities appropriate for the firm; and
- Work with vendors as needed to establish quotes, delivery, and execution of campaigns.
In addition, the Information Security Awareness Manager will be expected to have the following:
- Ability to apply a basic knowledge of information security and risk mitigation principles, theories, and techniques in daily work;
- Demonstrated understanding and use of basic project management methodologies, including the ability to plan, manage, and maintain a complex, organization-wide program over the longer term;
- Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel;
- Ability to craft messages to match the capability of the audience;
- Ability to communicate in a simple, clear and concise manner to the various departments and personnel within our firm;
- Creative thinking and understanding of the audience to produce engaging materials in a variety of formats and media, including user guides and gamification elements; and
- A high degree of independence, integrity and confidentiality.
- Bachelor’s degree;
- At least 7 years of work experience in the Information Security sector; and
- Working knowledge of NIST Cybersecurity Framework (CSF).