Director, Information Security Awareness and Training

• Review and modernize phishing and social engineering training programs  

 Risk Management and Compliance 

• Ensure security awareness initiatives and training programs meet regulatory requirements (GDPR, CCPA, PCI DSS, etc.) and Sony requirements 

• Conduct regular assessments to identify knowledge gaps and security behavior risks 

• Develop remediation strategies for identified awareness gaps 

• Ensure the integration of awareness metrics into the information security risk management framework  

• Prepare reports for leadership on program effectiveness and compliance status 

• Translate technical security concepts into business risk language for executive audiences 

Qualifications 
Education and Experience 

• Bachelor's degree in Information Security, Computer Science, Communications or related field or equivalent experience 

• 8+ years of experience in Learning and Development or Communications  

• 3+ years focus on security awareness and training 

• 3+ years managing others 

• Proven record developing and implementing successful security awareness programs 

Technical Knowledge 

• Strong understanding of information security principles, frameworks, and best practices 

• Knowledge of relevant regulations and compliance requirements 

• Familiarity with learning management systems and awareness platforms 

• Experience with security awareness program management and analytics, tools, and technologies 

Skills and Competencies 

• Excellent communication and executive presentation skills   

• Strong leadership and team management abilities  

• Creative approach to education and behavior change  

• Change management and organizational development expertise  

• Ability to influence across organizational boundaries   

• Data analysis skills to measure program effectiveness  

• Project management expertise 

 Certifications (preferred) 

• Security awareness specific certifications (SANS GIAC Security Awareness, etc.)  

• Adult learning or instructional design certifications, (CPTM, etc.) 

• CISSP, CISM, or equivalent security certification  

Working Conditions 

• Full-time position with minimum 4 days onsite  

• May require occasional travel for conferences, training events, or multi-site program implementation 

• Ability to adapt to rapidly evolving security threat landscape and business priorities 

 Success Criteria 

• Measurable improvement in security awareness metrics across the organization  

• Reduction in security incidents related to human behavior  

• High engagement rates with security awareness content  

• Successful compliance with relevant security standards and regulations  

• Positive feedback from stakeholders and program participants 

• Actively contribute to a positive team environment through participation in team activities, knowledge sharing, and colleague support.