Director of Cyber Security Awareness & Education

The Opportunity
The Director of Security Awareness is responsible for developing, implementing, and managing the organization's security awareness and training program.
The Team
This individual will lead team efforts to foster a culture of security across the organization, reduce human-related security risks, and ensure employees and stakeholders are educated on best practices for protecting sensitive data and systems.
The Impact
The role requires strategic leadership, creative program development, and the ability to measure and communicate the effectiveness of awareness initiatives.
Key Responsibilities
Program Development and Leadership:

• Design, implement, and manage a comprehensive security awareness and training program tailored to the organization's needs.
• Align the program with business objectives, regulatory requirements, and industry best practices.
• Promote a security-first culture across all levels of the organization.

Training and Awareness Campaigns:

• Develop engaging training materials and campaigns using various formats (e.g., e-learning modules, in-person workshops, videos, and gamified learning).
• Conduct phishing simulations and other practical exercises to assess and improve employee security behavior.
• Tailor training content for diverse audiences, including executives, technical staff, general employees, and third-party vendors.

Risk Reduction and Behavior Change:

• Identify and address key human-related risks (e.g., phishing, social engineering, password management).
• Measure the impact of training programs on employee behavior and incident reduction.
• Implement strategies to address recurring security vulnerabilities or compliance gaps.

Metrics and Reporting:

• Define and track key performance indicators (KPIs) to evaluate program effectiveness.
• Report on awareness program progress, employee engagement, and risk reduction to senior leadership and the board.
• Use data-driven insights to continuously improve program effectiveness.

Collaboration and Communication:

• Work closely with IT, legal, HR, compliance, and other departments to align awareness initiatives with organizational goals.
• Partner with external vendors and consultants as needed to enhance training content and delivery.
• Act as the primary advocate for security awareness, communicating the importance of cybersecurity to all stakeholders.

Compliance and Regulatory Alignment:

• Ensure the program meets applicable regulatory and compliance requirements (e.g., NIS, NYDFS).
• Maintain documentation to provide evidence of compliance during audits or assessments.
• Stay updated on industry trends, emerging threats, and changes in compliance standards.

Incident Response Integration:

• Collaborate with the incident response team to incorporate lessons learned from security incidents into training materials.
• Ensure employees are educated on how to recognize and respond to potential security incidents.

The Minimum Qualifications

• Bachelor's degree in information technology, Cyber Security, or a related field
• 8+ years of experience in cybersecurity
• 3+ years in a leadership role focused on security awareness and training

The Preferred Qualifications

• Strong knowledge of cybersecurity principles, threats, and best practices.
• Experience with learning management systems (LMS), phishing simulation tools, and training platforms.
• Excellent communication and presentation skills, with the ability to engage and educate diverse audiences.
• Strong analytical skills for measuring program effectiveness and driving continuous improvement.
• Creative mindset with the ability to design innovative and engaging training campaigns.

Certifications (Preferred):

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Cybersecurity Awareness Professional (CCAP) or equivalent
• SANS Security Awareness Professional (SSAP)
• Certified Security Awareness Practitioner (CSAP)

Key Competencies

• Leadership and team management skills.
• Strong interpersonal and collaboration skills.
• Ability to prioritize and manage multiple projects in a dynamic environment.
• Strategic thinking and problem-solving capabilities.
• Passion for promoting cybersecurity and influencing positive behavior change.

What to Expect as Part of MassMutual and the Team

• Regular meetings with the Awareness & education team
• Focused one-on-one meetings with your manager
• Access to mentorship opportunities
• Networking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource Groups
• Access to learning content on Degreed and other informational platforms
• Your ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefit.

#LI-SC1
MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.
If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need.
Salary Range: $152,100.00-$199,600.00