Staff Cybersecurity Education and Awareness Manager

About The Position

Requirements

• 8+ years of experience in cybersecurity awareness, security education, learning & development, communications, organizational change management, or related fields.
• Strong understanding of cybersecurity principles, human risk management, and behavior change strategies; experience applying these concepts in large, complex organizations is preferred.
• Hands-on experience with: Security awareness and training platforms Phishing simulation and human risk tools Analytics / reporting solutions for measuring behavior and campaign impact
• Excellent communication skills—able to translate technical concepts and policy requirements into simple, clear, and actionable messages for non-technical audiences across different regions and job functions.
• Proven ability to influence without direct authority, build trust with senior stakeholders, and collaborate across multiple teams and time zones.
• Experience designing and delivering modern learning experiences (e.g., microlearning, gamification, scenario-based learning, interactive workshops) that drive measurable behavior change.
• Bachelor degree in Cybersecurity, Information Systems, Communications, Education, Organizational Psychology, or a related field; or equivalent practical experience.

Nice To Haves

• 10+ years of experience in cybersecurity awareness, security education, learning & development, communications, organizational change management, or related fields.
• Professional certifications such as CISSP, CISM, Security+, or a Security Awareness / Human Risk certification.
• Master degree in Cybersecurity, Information Systems, Communications, Education, Organizational Psychology, or a related field.

Responsibilities

• Foster a positive, empowering security culture that emphasizes accountability, learning, and “secure by default” behaviors rather than fear or blame.
• Develop and maintain a GM-wide security education and enablement strategy aligned to enterprise risk priorities, NIST CSF principles, and GM cybersecurity policies and standards.
• Help define a multi-year roadmap for security education and culture initiatives, including annual objectives, key milestones, and integration with broader cybersecurity and IT strategies.
• Ensure programs align with GM’s values and vision (e.g., Zero Crashes, Zero Emissions, Zero Congestion) and reinforce that cybersecurity is foundational to safety, quality, and customer trust.
• Design and deliver engaging, role-based cybersecurity training (e.g., targeted modules for high-risk roles such as developers, third-party facing teams, etc.).
• Lead the evolution from point-in-time training and one-off phishing exercises to a continuous, data-informed engagement program, sunsetting legacy approaches in favor of more modern, behavior-focused methods.
• Use modern learning techniques (e.g., microlearning, just-in-time nudges, gamification, simulations, labs) to drive knowledge retention and real behavior change.
• Collaborate with key learning and culture teams across the enterprise to embed and enable cybersecurity education and culture initiatives within their areas of responsibility
• Design and scale a Security Champions network across functions, sites, and regions to localize security messages, gather feedback, and amplify best practices within teams.
• Equip leaders at all levels (from senior executives to frontline managers) with information and communication tools they can use in staff meetings, town halls, and performance discussions.
• Create and manage recognition programs that celebrate secure behaviors and contributions to GM’s cybersecurity posture.
• Use data-driven insights to understand human risk across GM (e.g., phishing resilience, reporting behavior, policy exceptions, unsafe tool usage) and identify high-risk personas, processes, or environments.
• Define and track key performance indicators (KPIs) and outcomes related to security behavior (e.g., click rates and report rates, training completion and assessment scores, time-to-remediate user-driven risks, participation in key campaigns).
• Collaborate with Cyber Defense, Insider Threat, and Risk & Compliance teams to connect human risk insights with broader cyber metrics and dashboards, and to prioritize targeted interventions where they matter most.
• Partner with the GM Threat Intelligence team to convert real‑time cyber threat intelligence into relevant, actionable training that helps employees recognize and report emerging threats (e.g., new phishing campaigns and attacker tactics), strengthening our workforce as a proactive layer of defense.
• Help redesign and manage core internal cybersecurity communication channels, including intranet pages, slack messaging, email campaigns, and executive storytelling.
• Ensure employees have clear, well-documented workflows and resources to: Report suspected phishing and cyber incidents Request cybersecurity support or guidance Access up-to-date policies, standards, and best practices in a user-friendly way
• Develop messaging and campaigns for new or updated policies, emerging threats, incidents, and strategic initiatives, collaborating closely with Cybersecurity Policy, Cyber Defense, and other subject-matter experts.
• Partner with Corporate Communications and HR to align cyber messaging with broader company communications and culture narratives.
• Establish a measurement framework and regular reporting cadence that provides the CISO and senior leadership with clear visibility into the effectiveness of security education and culture initiatives (e.g., dashboards, scorecards, quarterly readouts).
• Use experimentation (e.g., A/B testing of messages, pilots with specific functions, gamified challenges) to continuously refine approaches based on what drives measurable behavior change.
• Stay current on emerging threats, human risk trends, and best practices in security awareness, culture, and behavior science; incorporate learnings into GM’s programs to keep them fresh, relevant, and impactful.

Benefits

• From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
• Learn how GM supports a rewarding career that rewards you personally by visiting Total Rewards resources.