Security Specialist

About The Position

Requirements

• 5–8+ years of experience in cybersecurity awareness, training, GRC, or related security roles.
• Hands‑on experience delivering cybersecurity training programs in a regulated or complex environment.
• Strong understanding of common cybersecurity risks, user behavior factors, and awareness best practices.
• Experience partnering with Legal, Privacy, and Compliance teams on regulatory or audit‑driven initiatives.
• Excellent communication and content‑development skills, with the ability to explain security concepts to non‑technical audiences.
• Highly organized and self‑directed, with the ability to manage multiple initiatives across a distributed organization.

Nice To Haves

• Experience in financial services or similarly regulated industries.
• Familiarity with cybersecurity frameworks and regulatory requirements (e.g., NIST CSF, NYDFS, GLBA).
• Experience with phishing simulation and training platforms.
• Professional certifications such as CISSP, CISM, Security+, or relevant security awareness credentials

Responsibilities

• Execute the firm‑wide cybersecurity awareness and training program across all Focus firms.
• Deliver mandatory annual security training, role‑based training, and targeted campaigns addressing key cyber risks (e.g., phishing, social engineering, data protection).
• Manage and execute phishing simulation programs, including campaign design, delivery, analysis, and follow‑up education.
• Coordinate training rollouts, schedules, and communications to ensure consistent adoption across diverse business units.
• Develop, maintain, and refresh cybersecurity training content to ensure relevance, clarity, and engagement.
• Tailor training materials for different audiences, including employees, advisors, leadership, and specialized roles.
• Incorporate lessons learned from incidents, phishing results, regulatory feedback, and emerging threat trends into training content.
• Balance regulatory requirements with practical, user‑friendly messaging that supports business productivity.
• Work closely with Legal, Privacy, and Regulatory Compliance teams to ensure training content aligns with applicable laws, regulations, and contractual obligations.
• Support regulatory examinations, audits, and client due diligence efforts by providing training materials, metrics, and evidence.
• Maintain documentation demonstrating compliance with cybersecurity training and awareness requirements.
• Monitor regulatory expectations related to security awareness and adjust training accordingly.
• Define and track key training and awareness metrics (e.g., completion rates, phishing susceptibility, behavioral improvements).
• Analyze trends and results to identify risk areas and inform targeted training initiatives.
• Provide regular reporting and insights to the Head of Cybersecurity Governance and other stakeholders.
• Demonstrate the effectiveness of training programs in reducing human‑driven cyber risk.
• Partner closely with Cybersecurity Risk, Engineering, and Operations teams to align training with real‑world threats and controls.
• Coordinate with HR and Communications teams to support onboarding, policy acknowledgment, and change‑management initiatives.
• Serve as a trusted advisor to business teams on security awareness best practices.

Benefits

• medical
• dental
• vision
• life insurance
• 401(k)