Security Awareness Associate Director
Businesses: Carrier
Job ID: 01355099
Date posted: 09/17/2019
City: Palm Beach Gardens
State: Florida
Country: United States of America
Location: CAF77: CCS - CIB 13995 Pasteur Blvd, Palm Beach Gardens, FL, 33418 USA
Carrier is a leading global provider of innovative HVAC, refrigeration, fire, security, and building automation technologies leading to safer, smarter, sustainable, and high-performance buildings. Carrier’s businesses enable modern life by delivering efficiency, safety, security, comfort, productivity, and sustainability across a wide range of residential, commercial and industrial applications.
- Responsible for developing and executing a Global Security Awareness program. This function will include creation and support of awareness communications, presentations, attestations, marketing material, training rollouts, events, phishing exercises and use of internal social media platforms to include expansion to third parties, consultants and boutiques to align with the new risk structure. The responsibility will span enterprise cybersecurity and product (IoT) security.
- Measure the effectiveness of the program and the associated campaigns while meeting the objective of effectively changing the behaviors of our personnel to embrace a more cyber-aware culture
- Establish a CISO communication strategy and execution plan in coordination with Corporate Communications
- Manage CISO communications and presentations on educational topics and organizational change management projects
- Establish a cohesive and coherent editorial calendar that supports this objective, and create related content for various internal channels that captures the “heads, hearts, and hands” of our audience.
- Provide guidance to, work with, and coordinate the efforts of others who will contribute to this work, including creative agencies, graphic designers, videographers, etc. (as necessary).
- Demonstrated ability to think creatively while accounting for multiple perspectives in any given scenario
- Build relationships with cross-departmental partners to improve the quality of security awareness training across the organization, including consultants.
- Ensure program compliance to industry standards and regulations with implementation, support, and tracking of security awareness phishing programs and follow up trainings.
- Improve the intranet site to refresh content and align with new risk structure.
- Understand cybersecurity threats and be able to liaise between technology and communications.
- Partner with Corporate Communications to convey security awareness messages that are consistent with corporate branding.
- Manage reporting and metrics of key dashboard landmarks.
- Help organize security awareness events.
- Bring new and creative ideas and energy to the program by staying current with the security awareness community
- Continuously identify, assess, measure and monitor gaps in the program to increase its effectiveness.
- Engage employees and consultants to be mindful of best security practices and behaviors both at home and at work, using interactive learning experiences and building a secure culture.
- Establish a Global cyber ambassador program throughout the organization to understand risks and business objectives
- Experience deploying and measuring effectiveness of security awareness to a global audience, leveraging LMS, webcasts, and other technology
- Ability to appropriately balance security awareness needs with business impact and benefit
- Ability to form complex ‘communications / messages’ in a simple, clear and concise manner to the various communities within our organization. This can include different cultures, nationalities, international locations and languages.
- Skilled in executive level presentations and briefings
- Understanding of the concepts of information risks and the different elements that make up risk. In addition, have at a minimum a basic understanding of the different concepts of information security.
- Knowledge of security policies and principles of information handling and protection
- An in-depth understanding of ISO 27002 security policy, and a working knowledge of other policy frameworks such as ISO, COBIT and NIST a plus
- Bachelor’s degree or equivalent experience in cybersecurity.
- 10 years of experience with 5+ years in Information Security
- Security awareness training or a similar background preferably in large enterprise.
- Ability to function independently with limited direction.
- Practical knowledge of various learning styles and a variety of awareness techniques
- Experience writing and designing information security educational material for employees.
- Experience running and supporting phishing campaigns and training.
- Experience in designing dashboards to reflect the effectiveness of the cybersecurity awareness program.
- Excellent communication skills (written, verbal, and slide design/visualization), with experience in clearly explaining complex information security concepts and technologies for both technical and non-technical audiences leveraging various media
- Ability to speak to mid to large size groups presenting training and awareness.
- Strong organizational skills and ability to multi-task.
- Information Security certifications will be considered a plus.
- Instructional designer or any skills related to training will be considered a plus.
- Social media, communications and marketing experience will be considered a plus.
- Certifications a Plus: CSAP, SSAP, CISSP, CEH, SANS/GIAC, Sec+, CASP or similar professional certifications
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
United Technologies Corporation is An Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status, age or any other federally protected class.