Sr. Cybersecurity Analyst, Security Awareness & Employee Engagement

About The Position

Requirements

• 5+ years leading or significantly contributing to security awareness, internal communications, behavior change, or learning programs in a global, cross-functional environment.
• BA/BS in Communications, Instructional Design, Information Security, or a related field, or equivalent practical experience.
• Proven ability to craft clear, compelling narratives and educational materials across formats (presentations, videos, e-learning, written communications)
• Demonstrated behavior change mindset, applying human-centered design, nudge techniques, and experimentation to drive measurable outcomes
• Integrate the use of approved AI platforms to accelerate content development, localization, and analytics while adhering to Rivian’s security and privacy requirements.
• Data-driven with experience defining metrics, building dashboards (e.g., PowerBI/Tableau), and using analytics to assess and iterate on program performance.
• Hands-on experience with LMS and authoring tools (e.g., Articulate/Captivate), phishing simulation platforms, and collaboration channels (e.g., Google Workspace, Slack, intranet)
• Strong stakeholder management, and consulting skills; able to influence across levels and functions and resolve competing priorities
• Excellent verbal and written communication skills; comfortable speaking both technically and non-technically as appropriate
• Critical thinking and creative problem-solving skills
• Able to triage multiple initiatives to address the right problems at the right time
• Excellent interpersonal and team building skills

Nice To Haves

• Certifications such as SANS Security Awareness Professional (SSAP) or Certified Security Awareness Practitioner (CSAP) are preferred; CISSP, CISM, Change Management, or PMP are a plus.

Responsibilities

• Serve as the program lead for Rivian’s security awareness and employee engagement strategy, defining the annual plan, editorial calendar, and outcomes that drive measurable behavior change.
• Design and deliver engaging, multi-channel campaigns (e.g., Cybersecurity Awareness Month), sustained microlearning, and just-in-time guidance aligned to top human risks and business priorities.
• Develop high-quality content and experiences across formats and channels, including e- learning, micro-modules, short-form video, live sessions, infographics, intranet content, Slack/Email, and site/poster assets.
• Customize education and messages for distinct audiences (manufacturing, service centers, corporate, engineering, executives) and roles based on risk profiles and workflows.
• Develop cybersecurity communications for employee engagement and awareness and partner with the Enterprise Communications teams to distribute communications through various channels.
• Partner with People Team/Learning to manage mandatory training cycles, role-based learning paths, and compliance-ready tracking aligned to applicable standards and regulations (e.g., NIST CSF, ISO 27001, OWASP, HIPAA, TISAX).
• Establish and manage a global Security Champions/Cybersecurity Drivers network; equip champions with toolkits, office hours, and recognition that amplifies local impact. In addition, manage the Cybersecurity Drivers Slack channel.
• Define and report KPIs/KRIs that matter (e.g., completion and pass rates, report rates, behavior adoption, risk reduction indicators, sentiment); provides visual displays of insights.
• Localize content and experiences for global audiences, account for cultural nuances, accessibility, and inclusive design. Model best-in-class project and change management practices, track milestones, identify awareness and engagement risks and dependencies across multiple concurrent initiatives.
• Provide valuable delivery insights derived from multiple sources and communicate metrics which teams can use to drive continuous improvement.
• Communicate expectations and carefully track progress to ensure standards are met at a systematic level; follows up to keep work on track.
• Stay updated on industry trends and best practices in risk and controls and proactively recommend improvements to the Cybersecurity Risk Management Program.
• Seek to understand different perspectives to resolve conflict.

Benefits

• Rivian provides robust medical/Rx, dental and vision insurance packages for full-time employees, their spouse or domestic partner, and children up to age 26.
• Coverage is effective on the first day of employment, and Rivian covers most of the premiums.