Client Audit Manager, Information Security & Risk Management

Grant Thornton INDUS

APAC/Oceania, India, Bengaluru


N/A
Salary

Rank

Senior Manager

Responsibility

Systems/Data

Scope

Regional

Workplace

100% in office

Functions

Finance

IT

Legal

Reports to

Director, Information Security Governance, Risk and Compliance

Level

N-2

Travel Max:

0%

Posting Date

05-10-2025

Description

The Awareness & Training Manager, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for organizing and managing internal and external audits. The role works in the Chief Information Security Officer (CISO) office under the Director, Information Security Governance, Risk and Compliance. The successful candidate will have a good mix of security knowledge, an understanding of industry best practice, and a demonstrated background in information security risk management.


Key Responsibilities

Program Development and Implementation:

  • Design and implement a comprehensive security awareness program tailored to organizational needs to foster a culture of security.
  • Ensure the awareness program meets regulatory and compliance requirements, such as ISO, NIST, HIPAA, and other relevant standards.
  • Integrate security awareness with broader risk management and compliance initiatives.
  • Assist in updating security policies.

Training and Awareness Delivery:

  • Develop and deliver training materials, campaigns, and content that are aligned with security policies, and cover best practices, behaviors, and latest security threats (e.g., phishing, malware). Regularly update training content to address new threats, technologies, and policies.
  • Identify key stakeholders and work with them to manage expectations and gather feedback on training content.
  • Provide tailored training for different employee roles, from entry-level to executive leadership, and technical to non-technical personnel.
  • Develop engaging, gamified, or interactive learning experiences to enhance retention of security concepts.
  • Conduct security awareness training sessions, such as workshops.
  • Lead company-wide security awareness campaigns, such as phishing simulations, security newsletters, and social media posts.
  • Create infographic posters and other communication materials to promote information security best practices.
  • Collaborate with internal communications teams to develop and distribute communication materials, including emails, newsletters, intranet content, and videos.
  • Use multiple channels, such as webinars, workshops, town halls, and social media, to ensure that messages reach all levels of the organization.

Measurement and Reporting:

  • Develop metrics to evaluate the effectiveness of security awareness programs, such as phishing simulation results, training completion rates, and employee feedback.
  • Prepare reports on awareness training initiatives, including participation rates, performance metrics, and areas for improvement.
  • Present findings and recommendations to senior leadership and stakeholders.

Stakeholder Collaboration:

  • Collaborate with the IT and cybersecurity teams to align awareness initiatives with technical security measures.
  • Partner with service lines and business groups to deliver training aligned with business requirements.
  • Act as a subject matter expert and advisor for security-related training and awareness.

Communication & Change Management:

  • Develop and implement change management strategies that support the adoption of new processes or systems.
  • Work closely with project managers and senior leaders to assess the impact of changes on the organization and its employees.
  • Integrate change management activities into project plans, ensuring a holistic approach to implementing change.
  • Create and execute a comprehensive communication plan to inform stakeholders about upcoming changes, the reasons behind them, and the benefits to the organization.
  • Craft clear, engaging messages that align with the organization’s goals and are tailored to different stakeholder groups, including employees, leadership, and partners.
  • Collaborate with internal communications teams to develop and distribute communication materials.
  • Identify key stakeholders and work with them to manage expectations and gather feedback throughout the change process.

Qualification & Requirements

Experience:

  • 10+ years of experience in information security, with a focus on awareness and training programs.
  • Experience in developing and delivering security awareness training to diverse audiences.
  • Experience with e-learning platforms and training software.
  • Familiarity with compliance frameworks such as NIST, ISO 27001, HIPAA, and others.
  • Demonstrated advanced verbal and written communication skills.
  • Excellent project management and organizational skills, with the ability to handle multiple audits and client requests simultaneously.
  • Excellent organization skills and a self-motivated learner.

Qualifications:

  • Bachelor’s degree in Information Security, Cybersecurity, Communications, Education, Computer Science, Engineering or related field or equivalent work experience
  • CISA, CRISC, CISM, or CISSP certifications (one or more) preferred

Benefits

  • Insurance Benefits
  • Retirement Benefits
  • Vacation Policy
  • Other Perks and Benefits…

Company Profile

Grant Thornton INDUS

Industry

Accounting

Revenue

$7.5B

Employees

9,000

Fortune 500 Rank

NA

Global 500 Rank

NA
