The Information Security Awareness Coordinator works under the direction of security leadership to manage and execute cybersecurity awareness programs for the organization and drive a security-minded culture across employees, contractors and third parties. The coordinator works with internal stakeholders and external cybersecurity awareness vendors to ensure the program is aligned with the overall strategy and leadership’s expectations.
This role stresses employee behavioral change by providing successful training and education content focused on mitigating business risk. The coordinator will measure the effectiveness of the cybersecurity awareness program, communicate metrics to security leadership and make recommendations to improve the company’s resiliency.
Essential Duties and Responsibilities:
- Work with risk management, security teams and business contacts to align security awareness and education initiatives focused on behavioral change.
- Measure the effectiveness of the awareness and training program, make recommendations, and execute changes as needed.
- Create an annual plan for education and training, including mandatory employee awareness and training as well as forward-thinking content exceeding minimum standards.
- Support day-to-day operation of the awareness and training program, including randomized phishing exercises.
- Assess the cybersecurity threat landscape in coordination with subject matter experts and align the program with content focused on reducing risk.
- Create content employees can comprehend, regardless of their level of cybersecurity knowledge.
- Construct content around key areas of corporate risk, such as phishing, data protection, password management, social media and general cybersecurity hygiene.
- Maintain a program that delivers cybersecurity awareness and training on time and within budget.
- Keep education and awareness materials interesting while accommodating different learning methods, including, but not limited to, written and visual (video/images).
- Offer workshops and interactive sessions, including gamification, tabletop exercises, guest speakers and general awareness training across a broad range of business and personal security topics for the workforce.
- Create content to provide baseline knowledge and then fine-tune to create role-specific training and education.
- Perform other duties as assigned, such as supporting the Third Party Risk Management program.
- Regular and predictable attendance is an essential function of the job.
Required Qualifications:
- At least three to five years of experience in cybersecurity, with, ideally, at least three years managing cybersecurity awareness.
- Strong project management, multitasking and organizational skills.
- Strong understanding of social engineering tactics, privacy, insider threats and data protection.
- Capable of working with many teams and promoting a positive enterprise-wide security culture.
- Ability to foster credibility with technical teams and external constituents through sustained industry knowledge.
Required Minimum Level of Education:
- Bachelor's degree preferred in Information Assurance
Required Minimum Level of Experience:
- Three to five years of cybersecurity/training and/or education practitioner experience.
Preferred Qualifications:
- Knowledge of security platforms (KnowBe4)
- CISSP, CRISC
Legal Disclaimer: NJM is proud to be an equal opportunity employer. We are committed to attracting, retaining and promoting a diverse and inclusive workforce that is fully representative of the diversity that exists in the communities in which we do business.