Manager, Security Awareness and Learning

Key Responsibilities

Program Strategy & Leadership

• Own and execute the enterprise Security Awareness & Learning strategy, aligned to the organization's overall cyber, fraud, and operational risk posture.
• Translate emerging threats, regulatory expectations, and industry intelligence into relevant, actionable employee education.
• Lead and develop a high-performing security awareness and learning team. Develop and execute strong success metrics to measure team performance. Hires, evaluates, and supervises crew. Provides guidance and training as necessary to develop crew. Sets performance standards, reviews performance, and makes informed compensation decisions in accordance with all applicable Human Resources policies and procedures.

• Support, Design, Expand and Iterate our enterprise education covering:
  
  
  • Cybersecurity fundamentals and secure behaviors
  • Identity and Access Management (e.g., credential protection, MFA, privileged access hygiene, access certifications)
  • Physical security responsibilities (e.g., tailgating prevention, badge security, remote work considerations)
  • Fraud and social engineering threats (e.g., phishing, vishing, deepfakes, insider risk indicators)
• Ensure training is role-based and risk-appropriate, with enhanced content for higher-risk roles (e.g., executives, customer-facing staff, finance, technology, and help desk teams).

• Continuously refresh content based on emerging risks (e.g., phishing trends, fraud patterns, AI-enabled social engineering).
• Partner with Cyber Threat Intelligence and Fraud teams to ensure consistency between awareness messaging and active threat conditions.

• Oversee phishing and social engineering preparedness programs, including simulations and just-in-time education.
• Continuously identifying, prioritizing, and creating multi-channel awareness campaigns to mitigate top risks and emerging threats.
• Promote a security-minded culture, reinforcing employee responsibility for identifying and escalating suspicious activity.
• Align employee education with fraud prevention frameworks and internal controls to reduce financial and reputational impact.

• Partner with Cybersecurity, Fraud, and Business Continuity teams to integrate awareness outcomes into tabletop and simulated exercises in partnership with the Cyber Security Operations Center and the Red Team.
• Reinforce employee roles and expectations during cyber and fraud incidents, ensuring learning translates into real-world response readiness.

• Define and track meaningful metrics beyond completion rates (e.g., behavior change, reporting rates, reduced susceptibility, improved response times).
• Use data to adjust training frequency, content focus, and delivery methods.
• Provide regular executive reporting on program effectiveness, trends, and risk reduction.

• Maintain alignment with regulatory expectations, audit requirements, and internal policy standards.
• Understand and implement controls and evidence processes that provide guardrails of assurance for policy integrity.
• Partner with HR and Compliance to ensure training is integrated into the employee lifecycle (onboarding, role changes, annual refresh).
• Represent the organization in industry forums and peer exchanges related to security awareness and culture.

• Bachelor's degree or equivalent experience in Information Security, Risk Management, Education, or a related field
• Minimum five years related work experience with three years experience in IT security or application development. Supervisory experience preferred.
• Strong understanding of:
  
  
  • Cyber security principles and security operations functions
  • Identity and Access Management concepts
  • Fraud and social engineering tactics
  • Physical security responsibilities
• Proven ability to influence and engage at all levels of the organization, including executives
• Strong written and verbal communication skills.

• Demonstrated experience leading an enterprise security awareness or learning program, or related security leadership experience, preferably in financial services or a regulated industry
• Familiarity with financial-services regulatory expectations related to security training and awareness
• Certifications such as CISSP, CISM, CRISC, Security+, or equivalent
• Experience with phishing simulation platforms, learning management systems, and awareness metrics

• Employees clearly understand their role in protecting the organization from cyber, fraud, and physical threats
• Security awareness is perceived as relevant, timely, and practical, not check-the-box
• Measurable reductions in human-enabled risk
• Strong alignment with financial-services and technology peers and industry best practices