Vacancy expired!
The Senior Security Analyst - Security Awareness & Training, is a creative, well-rounded communicator who excels at the strategy and the tactics necessary to ensure that the security awareness program is effectively changing organizational behavior, fostering a secure culture, and reducing security risk. This position develops and executes global and targeted education and awareness campaigns to improve user behavior, reduce risk, and measure the effectiveness of these campaigns.
We believe that Delta's people play a critical role in our cyber threat defense and maintaining a vigilant and security-aware workforce is the best strategy for detecting and thwarting cyber-attacks, running a successful operation, serving our customers, and maintaining a world class workforce. As such, a well-managed information security awareness program plays an undeniable role in Delta's overall security and risk posture. This is a people-focused position with an opportunity to create new processes and solutions and drive results within an existing mature Security Awareness Program help to help protect the information our customers, employees and business partners entrust to our care. YOUR RESPONSIBILITIES IN THIS ROLE- Ensure the delivery of an innovative security awareness program to change and reinforce cyber-secure behaviors but also creates a strong, positive security culture across all Delta divisions.
- Analyze and identify the top human risks to the organization and the behaviors that must change to mitigate those risks. Develop, review, implement, and maintain a security awareness training programs to mitigate human risks. Ensure security awareness programs meet all industry regulations, standards, and compliance requirements and that all Delta people understand, acknowledge, and fulfill all applicable enterprise information security policies.
- Apply understanding of human nature, social science, cybersecurity fundamentals, and organizational culture to identify areas where effective security awareness campaigns can be leveraged to pre-empt developing threats and/or mitigate existing threats rooted in user behaviors.
- Oversee the execution of the Phishing Awareness Program by designing, launching, and assessing simulated phishing emails to include monthly enterprise and targeted campaigns.
- Collaborate with Threat Intel, Incident Response & other security groups to create high-quality exercises that mimic real-life threats, address high risk employee activity, and provide additional education as needed.
- Develop and deliver targeted security awareness and training content through various communication methods and channels to include drafting articles for publication on the company intranet, crafting website content, creating timelines and infographics, planning outreach and interactive activities, roadshows, and presentations.
- Plan and execute a campaign to promote National Cyber Security Awareness Month (NCSAM).
- Evaluate effectiveness of training and awareness programs, utilizing appropriate data collection & metrics and adjusting program as necessary to maximize effectiveness of reducing human risk.
- Have exceptional communications skills and the ability to tell powerful and compelling stories through excellent writing skills, the ability to think and communicate clearly, formulate a clear point of view on complicated issues, and create a concise and well-written narrative. A natural teacher, good at putting points across engagingly and enthusiastically and inspiring employees to take an interest in information security
- Basic understanding of a wide array of concepts within information security, specific to the reduction of risk through application of best practices.
- Experience developing creative, effective approaches to difficult communications challenges.
- Must have a high degree of initiative and the ability to manage multiple tasks, work under pressure and meet deadlines as required.
- Program and project management experience with strong business acumen, strategic, and critical thinking
- Have a passion for learning and helping others
- Must be curious, proactive, highly motivated, people-oriented and reliable.
- Embraces diverse people, thinking and styles.
- Consistently makes safety and security, of self and others, the priority.
- Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered for U.S.-based job, if not currently employed by Delta Air Lines, Inc.
- Bachelor's degree or higher in a relevant field (information security, communications, marketing, behavioral science, and/or computer science).
- Exposure to and familiarity with relevant standards such as ISO/IEC 27001 and 27002, NIST 800, and COBIT, and applicable laws related to information security and privacy (e.g., GDPR, PCI-DSS, SOX, HIPAA)
- Experience developing and delivering security awareness programs
- Experience with security training platforms (e.g. Proofpoint, Secure Code Warrior, Cofense, LivingSecurity, KnowBe4, etc.)
- Creative and visual skills including graphic, web, print and slide design
- Social media expertise, and multi-media experience
- SSAP, CSAP, Security+, CISSP, CISA, CISM, or other relevant security certifications.
Vacancy expired!