Sr. Security Awareness and Training Analyst

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Education, or a related field (or equivalent work experience).
• 5+ years of experience in security awareness, training, or a related cybersecurity role.
• Proven track record of managing and enhancing security awareness programs in a corporate or cybersecurity environment.
• Deep understanding of cybersecurity concepts, best practices, and risk mitigation strategies.
• Strong ability to create engaging and impactful awareness and training content tailored to diverse audiences.
• Experience with phishing simulation tools and e-learning platforms.
• Excellent communication and presentation skills, with the ability to translate complex technical topics into simple, relatable messages.
• Analytical mindset to assess training effectiveness and make data-driven decisions.
• Knowledge of relevant frameworks and standards (e.g., NIST, CIS, ISO 27001, SOC 2).

Nice To Haves

• Track and analyze training participation, phishing simulation results, and employee engagement metrics.
• Relevant certifications, such as CISSP, CISM, CISA, or certifications in training and development (e.g., Certified Security Awareness Practitioner - CSAP).
• Experience in managing global training initiatives in a multicultural organization.

Responsibilities

• Develop engaging educational materials, including e-learning modules, videos, infographics, and newsletters, to promote cybersecurity best practices.
• Lead phishing simulation campaigns and other hands-on activities to test and reinforce awareness.
• Organize and support awareness events such as Cybersecurity Awareness Month activities, workshops, and webinars.
• Foster a culture of security by creating engaging communication campaigns using posters, emails, and interactive resources.
• Establish metrics to measure program effectiveness and identify opportunities for improvement.
• Partner with other departments to integrate security training into onboarding and ongoing employee education programs.
• Work closely with the other Infosec teams to identify emerging threats and tailor training content accordingly.
• Act as a security culture ambassador, fostering positive engagement and support from all levels of the organization.
• Ensure the program complies with legal, regulatory, and contractual requirements (e.g., GDPR, CMMC, HIPAA).
• Analyze user behavior trends, assess vulnerabilities, and provide insights to address human-related risks.
• Maintain up-to-date knowledge of cybersecurity threats and adapt training programs to address evolving risks.
• Prepare regular reports on the effectiveness of training programs and identify areas for improvement.
• Regularly present program updates, metrics, and recommendations to senior leadership and key stakeholders.