Senior Analyst, Education & Awareness

About The Position

Requirements

• Bachelor's degree in Information Security, Cybersecurity, Communications, Education, Instructional Design, or a related field, or equivalent experience.
• Minimum of 3 years of experience in security awareness, security education, human risk management or cybersecurity training in an enterprise environment.
• Experience with phishing simulation platforms, learning management systems (LMS), and content creation tools.
• Demonstrable experience designing and executing awareness/training programs, including phishing simulation campaigns and behavior-change initiatives.
• Strong understanding of human factors in cybersecurity, adult learning principles, instructional design (e-learning, micro-learning), change management and communication theory.
• Excellent written and verbal communication skills; able to translate complex technical/security concepts into clear, engaging content for non-technical audiences.

Nice To Haves

• Experience working in or with a large enterprise (multi-site, multi-time zone) is advantageous.

Responsibilities

• Identify and assess human-risk vectors (such as phishing, social engineering, remote work exposures, shadow IT, device misuse) and design targeted awareness interventions to mitigate those risks.
• Manage and execute phishing simulation campaigns: configure campaigns (emails, landing pages), monitor results, analyze behavior patterns, provide feedback and improvement plans.
• Define, track and report key metrics (KPIs/KRIs) to demonstrate program effectiveness, behavior change, risk reduction and ROI (e.g., click-through rates, phishing susceptibility trend, training completion, culture survey results, risk posture improvement.
• Develop and maintain awareness and education materials: annual e-learning course, new-hire e-learning course, role-based training, podcasts, posters, newsletters, video content, intranet pages. Ensure they are engaging, accessible to multiple audiences (technical / non-technical), and aligned with brand guidelines.
• Stay abreast of emerging threats, human behavior trends, cybersecurity frameworks (NIST, NYDFS, PCI DSS, etc.), regulatory requirements and evolving best practices in awareness/training domains.
• Drive continuous improvement: collect feedback, perform root-cause analysis of awareness failure events (e.g., high phishing click-rates, repeat offenders), recommend enhancements to program design, modalities or messaging.

Benefits

• Health and wellbeing options including medical, prescription, dental, vision, hearing, accident, hospital indemnity, and life insurances
• Up to 4% matching 401(k)
• Employee Stock Purchase Plan (10% share discount)
• Tuition reimbursement
• Paid time off (15 days' vacation per year, plus 2 personal days, prorated based on start date)
• Paid sick leave as determined by state or local ordinance, prorated based on start date
• Paid holidays (7 days per year, based on start date)
• Paid volunteer time (3 days per year, prorated based on start date)