Security Awareness Program Specialist

Apply for the Security Awareness Program Specialist role at Webstaurant Store
.

The Security Awareness Program Specialist is responsible for developing, implementing, and maintaining a comprehensive security awareness program that reduces human risk and strengthens the organization’s security culture. This role focuses on educating employees on security policies, risks, and best practices through training, phishing simulations, and targeted communication campaigns. Working cross‑functionally with IT, HR, Legal, and other teams, the specialist ensures that employees are empowered to make secure decisions and that the organization meets compliance and risk management objectives.

• Program Development – Design, implement, and manage a security awareness program aligned with organizational policies, compliance requirements, and strategic goals.
• Training Delivery – Develop and deliver engaging security training content through e‑learning, workshops, newsletters, and campaigns.
• Phishing Simulation Management – Plan and execute phishing simulations to measure awareness, track trends, and reduce susceptibility to social engineering.
• Engagement & Communication – Create communication strategies and campaigns to promote security awareness and foster a culture of accountability.
• Metrics & Reporting – Define and track key performance indicators (e.g., click rates, training completion), and prepare reports with recommendations for improvement.
• Collaboration – Partner with IT, HR, Legal, and other departments to integrate awareness initiatives into broader organizational processes and compliance efforts.
• Continuous Improvement – Stay current on evolving threats, industry best practices, and awareness frameworks, applying them to program enhancements.

• Work is performed while sitting/standing and interfacing with a personal computer.
• Requires the ability to communicate effectively using speech, vision, and hearing.
• Requires the regular use of hands for simple grasping and fine manipulations.
• Requires occasional bending, squatting, crawling, climbing, and reaching.
• Requires the ability to occasionally lift, carry, push, or pull medium weights, up to 50 lbs.

• Access to a reliable and secure high‑speed internet connection. Cable or fiber internet connections (at least 75 Mbps download / 10 Mbps upload) are preferred, as satellite connections often cannot support the technologies used to perform day‑to‑day tasks.
• Access to a home router and modem.
• A dedicated home office space that is noise‑ and distraction‑free. The space should have strong wireless connection or a wired Ethernet connection (wired connection is preferred, if possible).
• A valid, physical address (apartment, suite, etc.). PO Boxes are not supported, as a physical address is required for you to receive your computer equipment.
• The desire and ability to work and communicate with other team members via chat, webcam, etc.
• Legal residents of one of the following states: (AK, AL, AR, AZ, CT, DE, FL, GA, IA, , IN, KS, KY, LA, MD, ME, MI, MN, MO, MS, NC, ND, NH, NM, NV, OH, OK, PA, SC, SD, TN, TX, UT, VA, VT, WI, WV, or WY). H‑1B visa sponsorship not available, W‑2 only.

• 1–3 years of experience in security awareness, information security, IT training, risk management, or a related role.
• Hands‑on experience supporting or administering security awareness or training programs is preferred.

• This role does not require a degree. We value relevant skills and experience and alignment with our core values above all else.

• Understanding of core security awareness topics (phishing, password hygiene, safe data handling, social engineering).
• Familiarity with frameworks such as NIST SP 800‑50 and NIST Cybersecurity Framework.
• Experience with training/awareness platforms (KnowBe4, Proofpoint, Mimecast, etc.).
• Strong written and verbal communication skills; ability to craft clear, engaging messages for diverse audiences.
• Analytical skills for developing metrics, interpreting phishing simulation results, and reporting program effectiveness.
• Ability to balance multiple initiatives and…