Job Description

Overview:

The User Awareness Coordinator is an individual with solid hands-on understanding and experience of security awareness tools, corporate intranets, relevant security campaigns that incorporate information security, IT governance, risk assessment, and compliance. This position provides organizational support for creating, scheduling, and tracking the results and effectiveness of security awareness campaigns within the organization. As part of the Cyber Risk & Compliance (CRC) division, this person has the opportunity to partner with other members of the division in an effort to improve the overall security culture and compliance posture of the organization.


Duties & Responsibilities:
Under direction from the Director, Cyber Risk & Compliance, manage the security awareness program lifecycle, including planning, content creation, delivery, and measurement. Stay up to date on relevant threats that have directly impacted the organization as well as the latest cybersecurity threats, trends, and best practices to ensure the program remains relevant and effective. Plan, execute, and analyze results of regular phishing simulation campaigns. Communicate campaign results and provide targeted training to employees who fall for simulations. Use data from simulations to identify high-risk groups and tailor future training efforts. Serve as the primary point of contact for all security awareness inquiries. Maintain the Information Security intranet site, and manage relevant contents. Collaborate with various departments (e.g., IT, HR, Legal, and Compliance) to ensure the security awareness program meets organizational policies and procedures, needs, and requirements. Promote and market the security awareness program to increase employee participation and engagement. Communicate program successes and areas for improvement to leadership and stakeholders. Track and analyze metrics such as phishing click rates, training completion rates, and help desk tickets related to security incidents. Prepare and present regular reports to management on program progress, risks, and ROI. Use data to continuously improve the program and justify future resource allocation. partner with other members of the division in an effort to improve the overall security culture and compliance posture of the organization.

Skills Required:
Relevant university education and/or degree, or a relevant industry certification Proven experience in developing and managing employee training courses /campaigns, training contents, etc. Demonstrated experience in utilizing and managing relevant user awareness platforms (e.g., KnowBe4), corporate intranet(s), etc. Knowledge of cybersecurity frameworks and relevant regulatory requirements High level of personal integrity and ability to professionally handle confidential matters Capable of acting calmly and managing incidents under high pressure and stress Capable of multitasking in a fast paced, multifaceted environment Ability to work well with customers, peers, and management Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills at all levels Proficient with Microsoft Office Suite and Office365 (i.e., Teams, SharePoint)

Preferred Education Experience, Skills and Abilities

Bachelor's degree in Information Security, Education, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience) 1-3 years of experience in Employee Training, Education, Information Security, IT Security, and/or IT Risk Management Knowledge of cybersecurity frameworks, such as HITRUST, SOC2, and ISO/IEC 27001/27002 Knowledge of relevant regulatory requirements, such as The U.S. Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standards (PCI DSS) Previous working experience in healthcare environments Knowledge and experience in information security and privacy laws, general electronic health information access, release of information, and release control technologies * Relevant employee training and/or cybersecurity certifications are a plus