Description:
Responsible for planning, developing, implementing, measuring, and maintaining the security awareness and training program to ensure secure behaviors are implemented and followed by all employees, and to create a mature security culture within the organization to reduce cyber risks.
Key Responsibilities:
- Develop the strategy, goals, and objectives for the cyber security training and awareness program.
- Develop new or identify existing awareness and training materials that are appropriate for intended audiences.
- Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.
- Plan training and awareness strategies such as sessions, demonstrations, interactive exercises, multimedia presentations, video courses, and web-based courses for the most effective learning environment.
- Conduct interactive training exercises to create an effective learning environment.
- Evaluate the effectiveness and comprehensiveness of existing training and awareness programs.
- Provide direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.
- Develop computer-based training and awareness modules, learning objectives and goals, and awareness assessments for measuring and assessing employees’ proficiency.
- Review training and awareness documentation (e.g., Content Documents).
- Create and deliver training and awareness courses tailored to the audience and physical environment.
- Conduct training and awareness needs assessments and identify requirements.
- Design training and awareness curriculum and course content based on requirements.
- Develop training policies and protocols for cyber training.
- Advocate for adequate funding for cyber training resources, to include both internal and industry-provided courses, instructors, and related materials.
- Plan and coordinate the delivery of training and awareness techniques and formats (e.g., video courses, mentoring, web-based courses, lectures, demonstrations, interactive exercises, multimedia presentations) for the most effective learning environment.
- Ensure that training meets the goals and objectives for cybersecurity training and awareness.
- Conduct periodic reviews/revisions of training and awareness content for accuracy, completeness, alignment, and currency.
- Develop or assist with the development of privacy training and awareness materials and other communications to increase employee understanding of organization privacy policies, data handling practices and procedures, and legal obligations.
- Ensure that the cyber security awareness program communicates the security policies and requirements.
- Ensure security awareness information is updated on a regular basis and reflects the latest security trends and threats.
- Collect and maintain data needed to meet system cybersecurity reporting.
- Identify top human risks in the organization.
- Establish and maintain communication channels with stakeholders.
Education and Certification:
- Bachelor’s degree in computer science, cybersecurity, information technology, or a relevant field.
- CompTIA Security+
- CompTIA Network+
- CySA+: Cyber Security Analyst Certification
- CSAP: Certified Security Awareness Practitioner
- GRCP: GRC Professional (Preferred)
- ISO 27001 Lead Auditor/Implementer (Preferred)