Security Awareness Prog Mgr

About The Position

Requirements

• Bachelor’s Degree in Cybersecurity, Information Technology, Communications, Education, or a related field.
• 7+ years relevant experience in IT Security or Cybersecurity, training and development, communications, or related disciplines.
• 3+ years direct experience managing a security awareness program or equivalent function.
• Proven experience developing and managing IT Security or Cybersecurity training and awareness programs.
• Strong knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, PCI DSS, ISO 27001).
• Experience with phishing simulation platforms and LMS tools.
• Excellent project management and vendor management skills.
• Ability to analyze risk trends and human behavior metrics to adjust awareness strategies.
• Strong interpersonal skills with proven ability to influence at all levels of the organization.
• Excellent written and verbal communication skills, including the ability to translate technical concepts into engaging, accessible messages.
• Creativity and innovation for designing effective, compelling educational campaigns tailored to diverse audiences.
• Organizational agility and project management expertise, adept at balancing multiple initiatives and stakeholder relationships.
• High degree of professionalism, integrity, and confidentiality.

Nice To Haves

• Security certifications such as CISSP, CISM, CISA, or SSAP (SANS Security Awareness Professional).
• Certifications in adult learning, instructional design, or change management (e.g., CPLP, Prosci).
• Experience working in regulated industries or global organizations with compliance requirements (e.g., GDPR, HIPAA).
• Familiarity with scripting or automation tools (e.g., Python, PowerShell, APIs) used in awareness programs.

Responsibilities

• Building, maintaining, assigning, and tracking annual Security & Privacy Training and Developer Secure Code Training, ensuring compliance and audit requirements are met.
• Managing monthly phishing simulation and periodic voice phishing programs, including reporting and analysis for effectiveness.
• Developing and coordinating year-round security awareness events such as Security Champions, Cyber Security Awareness Month (CSAM), Data Privacy Week, and Internet Safety Month, featuring internal/external speakers, lunch & learns, virtual activities, and creative training materials.
• Collaborating with leaders to design and deliver engaging communications for all cybersecurity projects and initiatives.
• Creating new security training and awareness content and strategies in partnership with Security, Learning & Development, and Communications teams.
• Maintaining the Security intranet and SharePoint sites to provide up-to-date resources and messaging.
• Managing end-to-end vendor relationships from RFP participation to project delivery and performance evaluation.
• Owning and executing projects for both integrated and non-integrated subsidiaries, supporting employees and contractors.
• Analyzing training and simulation metrics, reporting on effectiveness, and strategizing improvements based on data and industry trends.
• Utilizing AI prompt creation for developing graphics and content as needed.
• Advising senior leadership on human risk and behavior-change strategies, presenting program performance and strategic plans to leadership and compliance/audit teams.

Benefits

• Inclusive culture with associate-led Business Resource Groups
• Flexible PTO (22 days) and Holiday Schedule (7 observed paid holidays)
• Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!
• https://careers.staples.com/Staples-Life/Benefits