• Job Description

  Req#: 32748250978

  The Director of Information Security Awareness and Training is responsible for developing, implementing, and managing security awareness and training programs across the organization. The Director will lead a comprehensive approach to building a security-conscious cult ure and drive behavio r al change initiatives. This role combines strategic vision with hands-on program development to protect the organization's information assets through effective employee education and engagement. This leader will manage a small team and will need to establish strong cross-functional relationships with high trust across the enterprise to be effective .

  Key Responsibilities

  Program Development and Management

  • D esign, implement, and maintain enterprise-wide security awareness and training programs

  • Establish metrics to measure program effectiveness

  • Develop annual training calendars and curriculum roadmaps aligned with organizational needs

  • Be accountable for ensuring our spend on security awareness and human-centric security is highly effective

  Strategic Leadership

  • W ith executive leadership , align security awareness initiatives with business objectives

  • Build strategic partnerships across IT, P&O , Legal Compliance, Corporate Communications, and other departments to integrate security awareness into organizational processes

  • Drive organizational culture change related to security

  • Influence security behavior change

  • Stay current with emerging threats and evolving security best practices to keep guidance timely and relevant

  • E stablish relationships with industry groups and security awareness communities

  Security Innovation Leadership

  • Research innovative training and awareness approaches (gamification, VR/AR , Advanced Technologies, etc. ) and implement where applicable to maximize engagement and knowledge retention

  • Identify and evaluate emerging security awareness technologies

  Content Creation and Delivery

  • Lead creation of engaging, relevant security awareness content across multiple formats (e-learning, videos, newsletters, etc.)

  • Oversee the development of role-based training materials tailored to different departments and risk profiles

  • Review and modernize phishing and social engineering training programs

  Risk Management and Compliance

  • Ensure security awareness initiatives and training programs meet regulatory requirements (GDPR, CCPA, PCI DSS, etc.) and Sony requirements

  • Conduct regular assessments to identify knowledge gaps and security behavior risks

  • Develop remediation strategies for identified awareness gaps

  • Ensure the integration of awareness metrics into the information security risk management framework

  • Prepare reports for leadership on program effectiveness and compliance status

  • Translate technical security concepts into business risk language for executive audiences

  Qualifications
  Education and Experience

  • Bachelor's degree in Information Security , Computer Science, Communications or related field or equivalent experience

  • 8+ years of experience in L earning and D evelopment or C ommunications

  • 3+ years focus on security awareness and training

  • 3+ years managing others

  • Proven record developing and implementing successful security awareness programs

  Technical Knowledge

  • Strong understanding of information security principles, frameworks, and best practices

  • Knowledge of relevant regulations and compliance requirements

  • Familiarity with learning management systems and awareness platforms

  • Experience with security awareness program management and analytics, tools, and technologies

  Skills and Competencies

  • Excellent communication and executive presentation skills

  • Strong leadership and team management abilities

  • Creative approach to education and behavior change

  • C hange management and organizational development expertise

  • Ability to influence across organizational boundaries

  • Data analysis skills to measure program effectiveness

  • Project management expertise

  Certifications (preferred)

  • Security awareness specific certifications (SANS GIAC Security Awareness, etc.)

  • Adult learning or instructional design certifications , ( CPTM , etc.)

  • CISSP, CISM, or equivalent security certification

  Working Conditions

  • Full-time position with minimum 4 days onsite

  • May require occasional travel for conferences, training events, or multi-site program implementation

  • Ability to adapt to rapidly evolving security threat landscape and business priorities

  Success Criteria

  • Measurable improvement in security awareness metrics across the organization

  • Reduction in security incidents related to human behavior

  • High engagement rates with security awareness content

  • Successful compliance with relevant security standards and regulations

  • Positive feedback from stakeholders and program participants

  • Actively contribute to a positive team environment through participation in team activities, knowledge sharing, and colleague support.

  #J-18808-Ljbffr

• About the company

Notice