Client Audit Manager, Information Security & Risk Management

Bangalore, Karnataka, India

Job Description


Role Description:
  • The Awareness & Training Manager, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for organizing and managing internal and external audits. The role works in the Chief Information Security Officer (CISO) office under the Director, Information Security Governance, Risk and Compliance. The successful candidate will have a good mix of security knowledge, understanding of industry best practice, and a demonstrated background in information security risk management.
  • The Awareness & Training Manager for Information Security will be responsible for developing, implementing, and managing comprehensive security awareness and training programs for employees, contractors, and third parties. This role focuses on cultivating a security-conscious culture across the organization, ensuring compliance with information security policies and regulations, and reducing human risk to security incidents. The manager will work closely with internal stakeholders to promote security best practices and design engaging training initiatives.
The ideal candidate:
  • is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
  • possesses strong business judgment and deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
  • possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills, all important attributes for success in this role. The successful candidate will develop strong relationships, collaborate across teams, coordinate multiple timelines, and manage complex, cross-discipline projects.
  • takes a global view of their business and thinks in terms of immediate problem solving but also automating, expanding, and scaling solutions broadly.
Responsibilities:

  • Program Development and Implementation:
      • Design and implement a comprehensive security awareness program tailored to organizational needs to foster a culture of security.
      • Ensure the awareness program meets regulatory and compliance requirements, such as ISO, NIST, HIPAA, and other relevant standards.
      • Integrate security awareness with broader risk management and compliance initiatives.
      • Assist in updating security policies.
  • Training and Awareness Delivery:
      • Develop and deliver training materials, campaigns, and content that are aligned with security policies, and cover best practices, behaviors, and latest security threats (e.g., phishing, malware). Regularly update training content to address new threats, technologies, and policies.
      • Identify key stakeholders and work with them to manage expectations and gather feedback on training content.
      • Provide tailored training for different employee roles, from entry-level to executive leadership, and technical to non-technical personnel.
      • Develop engaging, gamified, or interactive learning experiences to enhance retention of security concepts.
      • Conduct security awareness training sessions such as workshops, etc.
      • Lead company-wide security awareness campaigns, such as phishing simulations, security newsletters, and social media posts.
      • Create infographic posters and other communication materials to promote information security best practices.
      • Collaborate with internal communications teams to develop and distribute communication materials, including emails, newsletters, intranet content, and videos.
      • Use multiple channels, such as webinars, workshops, town halls, and social media, to ensure that messages reach all levels of the organization.
  • Measurement and Reporting:
      • Develop metrics to evaluate the effectiveness of security awareness programs, such as phishing simulation results, training completion rates, and employee feedback.
      • Prepare reports on awareness training initiatives, including participation rates, performance metrics, and areas for improvement.
      • Present findings and recommendations to senior leadership and stakeholders.
  • Stakeholder Collaboration:
      • Collaborate with the IT and cybersecurity teams to align awareness initiatives with technical security measures.
      • Partner with service lines and business groups to deliver training aligned with business requirements.
      • Act as a subject matter expert and advisor for security-related training and awareness.
  • Communication & Change Management:
      • Develop and implement change management strategies that support the adoption of new processes or systems.
      • Work closely with project managers and senior leaders to assess the impact of changes on the organization and its employees.
      • Integrate change management activities into project plans, ensuring a holistic approach to implementing change.
      • Create and execute a comprehensive communication plan to inform stakeholders about upcoming changes, the reasons behind them, and the benefits to the organization.
      • Craft clear, engaging messages that align with the organization's goals and are tailored to different stakeholder groups, including employees, leadership, and partners.
      • Collaborate with internal communications teams to develop and distribute communication materials.
      • Identify key stakeholders and work with them to manage expectations and gather feedback throughout the change process.
Experience:
  • 10+ years of experience in information security, with a focus on awareness and training programs.
  • Experience in developing and delivering security awareness training to diverse audiences.
  • Experience with e-learning platforms and training software.
  • Familiarity with compliance frameworks such as NIST, ISO 27001, HIPAA, and others.
  • Demonstrated advanced verbal and written communication skills.
  • Excellent project management and organizational skills, with the ability to handle multiple audits and client requests simultaneously.
  • Excellent organization skills and a self-motivated approach to learning.
Qualifications:
  • Bachelor's degree in Information Security, Cybersecurity, Communications, Education, Computer Science, Engineering or related field, or equivalent work experience.
  • CISA, CRISC, CISM, or CISSP certifications (one or more) preferred.
About Company:
Grant Thornton INDUS comprises GT U.S. Shared Services Center India Pvt Ltd and Grant Thornton U.S. Knowledge and Capability Center India Pvt Ltd. Grant Thornton INDUS is the shared services center supporting the operations of Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd. Established in 2012, Grant Thornton INDUS employs professionals across a wide range of disciplines including Tax, Audit, Advisory, and other operational functions. What sets us apart isn't just what we do, it's how we do it. We support and enable the firm's purpose of making business more personal and building trust into every result. We're collaborators obsessed with quality and ready for anything, who understand the value of strong relationships. Our professionals are well integrated to seamlessly support the U.S. engagement teams, help increase Grant Thornton's access to a wide talent pool, and improve operational efficiencies. Empowered people, bold leadership, and distinctive client service are imbibed in the culture at Grant Thornton INDUS. We are a transparent, competitive, and excellence-driven firm that offers an opportunity to be part of something significant. In addition, professionals at Grant Thornton INDUS serve communities in India through inspirational and generous services to give back to the communities they work in. Grant Thornton INDUS has its offices in two locations in India: Bengaluru and Kolkata.



Job Detail

  • Job Id
    JD3668513
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Bangalore, Karnataka, India
  • Education
    Not mentioned