Education and Awareness Program Manager

Position: IS Education and Awareness Program Manager
SUMMARY:

This position serves as the business leader responsible for developing and delivering the company's security education and awareness program with the purpose of creating an enterprise security positive culture where expected security behavior is embedded into normal behavior and where all relevant individuals make effective risk-based decisions and protect critical and sensitive information and systems. This role will be responsible for liaising with other experts and vendors to execute communication and training in support of security education and awareness.

In this role, the individual must have passion for and experience with information security, and is capable of generating creative ideas that evangelize the criticality of information security in fun and engaging ways. This role will drive programs that increase visibility and understanding around information security best practices that reduce risk to our company.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.

* Establish and maintain a comprehensive Information Security Education and Awareness strategy and program that targets employees' behavior to become more security conscious and aligns with emerging CISO needs.

* Leadership and oversight of the Security Education and Awareness Program, including risk identification, content development, program road map and collaboration with teams across IT / IS to leverage the right communication mediums, training and education, and speaking engagements.

* Asset top human risk to our company and the employee behaviors that need to change to mitigate those risks.

* Create and manage Information Security Education and Awareness training programs for employees and contractors making sure the security programs comply with applicable regulations and policies, to minimize risk and mitigate / resolve audit findings.

* Actively partner with other business areas, e.g. Compliance, Fraud, HR to drive the right messages under a shared security-focused campaign and brand to enhance education and awareness activities.

* Collaborate with the CISO organization (Access & Identity, Cyber Threat Unit, and Risk Management) to enhance Information Security Education and Awareness training activities.

* Effectively measure and regularly report on the effectiveness of security education and awareness programs and delivery methods.

* Develop, collect, analyze metrics for education and awareness campaigns in terms of reach, impact, and change in behavior to determine effectiveness and influence strategy/direction.

* Determine the frequency of cybersecurity related education and awareness activities to achieve the greatest impact.

* Support cybersecurity education and awareness efforts across the employee population including executives.

* Develop targeted communications to stakeholders on identified cybersecurity related topics as needed.

* Conduct analysis and research of cybersecurity capabilities that improve the education and awareness programs and expand security messaging.

* Lead, develop, and execute cybersecurity related education and awareness activities leveraging a variety of teaching and delivery methods

* Provide support and security-related information as needed to business unit stakeholders.

* Promote and communicate information security education and awareness within the organization.

* Perform additional duties, as assigned.

* Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).

* Adheres to Bank policies and procedures and completes required training.

* Identifies and reports suspicious activity.

EDUCATION

Bachelor's Degree required in Information Security Management or equivalent work experience required

EXPERIENCE

* 3 - 5 Years of Information Technology or Information Security experience required

* Prior experience within a financial institution preferred

* Experience authoring information security policies, standards, and guidelines required

* Prior experience working with regulations in the area of FFIEC, GLBA, SOX, and FDICIA preferred

CERTIFICATES, LICENSES, REGISTRATIONS

* CISSP Certified Information Systems Security Professional preferred

* Certified Information Security Manager (CISM) preferred

* CISSA or related certifications preferred

KNOWLEDGE,

SKILLS AND ABILITIES

* Must be committed to incorporating security into all decisions and daily job responsibilities

* Strong interpersonal skills and professionalism to foster collaboration, increased education and awareness and promote a cybersecurity savvy workforce.

* Requires good analytical skills with experience creating a security education and awareness strategy and implementing the program to carry out the strategy.

* Strong knowledge of core Information Security concepts related to Governance, Risk & Compliance.

* Broad knowledge IS policies, standards and guidelines.

* Broad…