Cybersecurity Education and Awareness Lead

As Northern Trust expands our security team we are looking for someone who will lead the Cybersecurity Education and Awareness program. This learning and development role will reports to the Director of Cybersecurity & Tech Risk on ensuring our partners are up to the challenge of keeping the company safe from security threats.

Responsibilities:

• Apply understanding of human nature, social science, cybersecurity fundamentals, and organizational culture to identify areas where corrective action may need to be taken to pre-empt developing threats and/or mitigate existing threats rooted in user conduct
• Support Computer-Based Training (CBT) content development
• Support the development, optimization, and delivery of Security Awareness training products in the form of Computer-Based Training modules and live, instructor-led presentations
• Write original articles and edit draft articles for publication on the company intranet and for special outreach channels
• Develop custom passive awareness content (e.g., desk cards, posters, fliers, etc.) for deployment at Northern Trust
• Support the Phishing/Vishing Awareness Program by designing, launching, and assessing simulated attacks on the user global population
• Develop new Role-Based Training modules and remedial training content (e.g., CBTs, live presentations, recorded messages, et al) in partnership with subject matter experts for software developers, cybersecurity personnel, and others as required
• Analyze and provide support for the collection and reporting of Security Awareness Program metrics including phishing, vishing, and training compliance
• Maintain ongoing development of knowledge base of training and educational materials adjusted for the changing cyber landscape
• Partner with team as liaison between Cybersecurity Department, Corporate Communications, Corporate Training,
• Assist in answering inquires that comes from partners, contractors and other 3rd parties,
• Support the frequent modification of program documentation (e.g., policies, procedures) and change process steps accordingly
• Ability to articulate process steps and evidentiary materials to auditors, inspectors, regulators, reviewers, stakeholders, and third parties
• Assist in supporting the administration of the cybersecurity workforce program, including planning and tracking group and individual training requirements

• Driven, energetic, team player with superior oral and written communication skills
• Experience with computer skills (e.g., Microsoft Office 365 applications, including Microsoft Visio)
• Ability to learn and use Phishing Simulation and Triage tools
• Basic knowledge of adult learning theory and techniques
• Experience with Computer-Based Training subject content delivery and with Learning Management Systems in general
• Basic understanding of cyber security concepts and practices
• Strong understanding of deception-based attacks (e.g., phishing, social engineering, fraud, etc.)
• Basic understanding of information related frameworks and standards such (e.g., COBIT, NIST 800-53, NYDFS)
• Basic understanding of security workforce frameworks and professional education (e.g., NIST)
• Bachelor's degree or the equivalent combination of formal education and relevant experience
• Exposure to corporate cyber security concepts, practices, and standards
• Previous work in training and content development applicable to the position requirements