Manager, Security Awareness and Learning

About The Position

Requirements

• Bachelor’s degree or equivalent experience in Information Security, Risk Management, Education, or a related field
• Minimum five years related work experience with three years experience in IT security or application development.
• Supervisory experience preferred.
• Strong understanding of: Cyber security principles and security operations functions, Identity and Access Management concepts, Fraud and social engineering tactics, Physical security responsibilities
• Proven ability to influence and engage at all levels of the organization, including executives
• Strong written and verbal communication skills.

Nice To Haves

• Demonstrated experience leading an enterprise security awareness or learning program, or related security leadership experience, preferably in financial services or a regulated industry
• Familiarity with financial‑services regulatory expectations related to security training and awareness
• Certifications such as CISSP, CISM, CRISC, Security+, or equivalent
• Experience with phishing simulation platforms, learning management systems, and awareness metrics

Responsibilities

• Own and execute the enterprise Security Awareness & Learning strategy, aligned to the organization’s overall cyber, fraud, and operational risk posture.
• Translate emerging threats, regulatory expectations, and industry intelligence into relevant, actionable employee education.
• Lead and develop a high‑performing security awareness and learning team.
• Develop and execute strong success metrics to measure team performance.
• Hires, evaluates, and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.
• Support, Design, Expand and Iterate our enterprise education covering: Cybersecurity fundamentals and secure behaviors, Identity and Access Management, Physical security responsibilities, Fraud and social engineering threats.
• Ensure training is role‑based and risk‑appropriate, with enhanced content for higher‑risk roles.
• Continuously refresh content based on emerging risks.
• Partner with Cyber Threat Intelligence and Fraud teams to ensure consistency between awareness messaging and active threat conditions.
• Oversee phishing and social engineering preparedness programs, including simulations and just‑in‑time education.
• Continuously identifying, prioritizing, and creating multi-channel awareness campaigns to mitigate top risks and emerging threats.
• Promote a security-minded culture, reinforcing employee responsibility for identifying and escalating suspicious activity.
• Align employee education with fraud prevention frameworks and internal controls to reduce financial and reputational impact.
• Partner with Cybersecurity, Fraud, and Business Continuity teams to integrate awareness outcomes into tabletop and simulated exercises.
• Reinforce employee roles and expectations during cyber and fraud incidents, ensuring learning translates into real‑world response readiness.
• Define and track meaningful metrics beyond completion rates.
• Use data to adjust training frequency, content focus, and delivery methods.
• Provide regular executive reporting on program effectiveness, trends, and risk reduction.
• Maintain alignment with regulatory expectations, audit requirements, and internal policy standards.
• Understand and implement controls and evidence processes that provide guardrails of assurance for policy integrity.
• Partner with HR and Compliance to ensure training is integrated into the employee lifecycle (onboarding, role changes, annual refresh).
• Represent the organization in industry forums and peer exchanges related to security awareness and culture.

Benefits

• Hybrid working model
• Enhanced flexibility
• In-person learning, collaboration, and connection