Job Description

The Director of Information Security Awareness and Training is responsible for developing, implementing, and managing security awareness and training programs across the organization. The Director will lead a comprehensive approach to building a security-conscious cult ure and drive behavio r al change initiatives. This role combines strategic vision with hands-on program development to protect the organization's information assets through effective employee education and engagement. This leader will manage a small team and will need to establish strong cross-functional relationships with high trust across the enterprise to be effective . Key Responsibilities Program Development and Management + D esign, implement, and maintain enterprise-wide security awareness and training programs + Establish metrics to measure program effectiveness + Develop annual training calendars and curriculum roadmaps aligned with organizational needs + Be accountable for ensuring our spend on security awareness and human-centric security is highly effective Strategic Leadership + W ith executive leadership , align security awareness initiatives with business objectives + Build strategic partnerships across IT, P&O , Legal Compliance, Corporate Communications, and other departments to integrate security awareness into organizational processes + Drive organizational culture change related to security + Influence security behavior change + Stay current with emerging threats and evolving security best practices to keep guidance timely and relevant + E stablish relationships with industry groups and security awareness communities Security Innovation Leadership + Research innovative training and awareness approaches (gamification, VR/AR , Advanced Technologies, etc. ) and implement where applicable to maximize engagement and knowledge retention + Identify and evaluate emerging security awareness technologies Content Creation and Delivery + Lead creation of engaging, relevant security awareness content across multiple formats (e-learning, videos, newsletters, etc.) + Oversee the development of role-based training materials tailored to different departments and risk profiles + Review and modernize phishing and social engineering training programs   Risk Management and Compliance + Ensure security awareness initiatives and training programs meet regulatory requirements (GDPR, CCPA, PCI DSS, etc.) and Sony requirements + Conduct regular assessments to identify knowledge gaps and security behavior risks + Develop remediation strategies for identified awareness gaps + Ensure the integration of awareness metrics into the information security risk management framework + Prepare reports for leadership on program effectiveness and compliance status + Translate technical security concepts into business risk language for executive audiences Qualifications Education and Experience + Bachelor's degree in Information Security , Computer Science, Communications or related field or equivalent experience + 8+ years of experience in L earning and D evelopment or C ommunications + 3+ years focus on security awareness and training + 3+ years managing others + Proven record developing and implementing successful security awareness programs Technical Knowledge + Strong understanding of information security principles, frameworks, and best practices + Knowledge of relevant regulations and compliance requirements + Familiarity with learning management systems and awareness platforms + Experience with security awareness program management and analytics, tools, and technologies Skills and Competencies + Excellent communication and executive presentation skills  + Strong leadership and team management abilities + Creative approach to education and behavior change + C hange management and organizational development expertise + Ability to influence across organizational boundaries + Data analysis skills to measure program effectiveness + Project management expertise  Certifications (preferred) + Security awareness specific certifications (SANS GIAC Security Awareness, etc.) + Adult learning or instructional design certifications , ( CPTM , etc.) + CISSP, CISM, or equivalent security certification Working Conditions + Full-time position with minimum 4 days onsite + May require occasional travel for conferences, training events, or multi-site program implementation + Ability to adapt to rapidly evolving security threat landscape and business priorities  Success Criteria + Measurable improvement in security awareness metrics across the organization + Reduction in security incidents related to human behavior + High engagement rates with security awareness content + Successful compliance with relevant security standards and regulations + Positive feedback from stakeholders and program participants + Actively contribute to a positive team environment through participation in team activities, knowledge sharing, and colleague support. Sony Pictures Entertainment is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, age, sexual orientation, gender identity, or other protected characteristics. To request an accommodation for purposes of participating in the hiring process, you may contact us at SPE_Accommodation_Assistance@spe.sony.com.

Job Tags

Full time,

Similar Jobs