If you post this job on a job board, please do not use company name or salary.
Experience level: Mid-senior
Experience required: 10 Years
Education level: Bachelor’s degree
Job function: Information Technology
Industry: Financial Services
Pay rate: $50 per hour
Total position: 1
Relocation assistance: No
Visa sponsorship eligibility: No
This role is CTH, and the duration of the contract is through the end of the year.
Job Highlights:
The Security Awareness, Training, Education, and Communication (SATEC) Program's ultimate responsibility is to reduce risk to DTCC by ensuring all workers know, understand, and follow DTCC’s information and cyber security requirements and perform and operate in a secure manner. This role will report to the SATEC Program Director.
Responsibilities:
The risk analyst will be responsible for supporting DTCC’s security awareness and training functions. This role will be responsible for assisting in a wide range of exciting activities and initiatives related to cybersecurity awareness, including but not limited to developing enterprise-wide and regional events; communications; cybersecurity awareness material such as newsletters, giveaways, job aids, graphics, videos, and e-learning modules; and assisting in the execution of training activities such as simulated phishing campaigns and targeted training.
The essential duties listed below are intended to describe the general responsibilities of this position but are not intended to be an exhaustive statement of duties.
Collaborate with cross-functioning teams to assess and analyze global cybersecurity training initiatives, ensuring alignment with industry best practices and compliance standards.
Develop and maintain risk management frameworks, policies, procedures, and job aids related to DTCC’s cybersecurity education and communication efforts.
Monitor and evaluate emerging cyber threats, providing timely updates and recommendations to enhance the effectiveness of the SATEC program.
Design and implement risk mitigation strategies to address identified vulnerabilities, working closely with teams to strengthen cybersecurity practices.
Regularly assess and update risk metrics and key performance indicators to measure the impact and success of SATEC.
Serve as a subject matter expert in cybersecurity risk management, providing guidance to stakeholders, and supporting continuous improvement initiatives.
Collaborate with global and domestic teams to ensure the nature of the organization is considered in risk assessments and mitigation strategies.
Develop tailored content that is relevant to DTCC’s specific risks and FinTech industry, ensuring it resonates with DTCC workers globally.
Utilize engaging and interactive training methods, such as phishing simulations, quizzes, and real-world scenarios, to enhance retention and understanding.
Implement an ongoing, dynamic training schedule to keep employees informed about evolving cybersecurity threats and best practices.
Secure and maintain support from leadership to demonstrate DTCC’s commitment to cybersecurity, fostering a culture of security from the top down.
Develop and/or choose accessible and user-friendly platforms for delivering training material; ensure ease of use across different regions and technical abilities.
Conduct targeted and role-based awareness campaigns that consider cultural nuances and awareness levels in various regions.
Ensure that training materials and communication are accessible via mobile devices, accommodating employees who may work remotely or in different time zones.
Align the awareness program with industry regulations and compliance standards to address specific legal and regulatory requirements globally.
Establish and maintain channels for employees to provide feedback, ask questions, or report potential security incidents, fostering a sense of participation and accountability.
Develop and maintain a comprehensive communication plan for responding to and communicating during cybersecurity and data-related incidents to minimize confusion and mitigate risks effectively.
Effectively communicate DTCC’s Information Security (IS) policies, control standards, and requirements so that employees know, understand, and can follow them.
Identify the top human risks to the organization and the behaviors that need to change to mitigate those risks.
Contribute to enhancing the SATEC Program to not only change human behaviors but also the organizational culture.
Create informative executive-level reports to enable leaders to make decisions.
Contribute to documenting metrics that can effectively measure the SATEC program's effectiveness.
Maintain the departmental and program-level intranet pages.
Work collaboratively across functional areas for innovation to turn ideas into reality.
Perform proactive technical research to detect emerging risks and cyber-threat trends.
Facilitate and coordinate events, meetings, and activities.
Capture and publish meeting minutes for risk-based steering committees, forums, and team meetings.
Take ownership of assignments and drive them to completion.
Qualifications
A bachelor's or advanced degree in cybersecurity, information technology, or a related field provides a foundational understanding of cybersecurity principles.
Substantial experience in cybersecurity, with a focus on maintaining, enhancing, and implementing awareness and training programs. Practical experience in handling security incidents and understanding the threat landscape is valuable.
A genuine passion for educating others about cybersecurity and promoting a culture of security within an organization.
Strong skills in designing and delivering effective cybersecurity training content using various methods, including e-learning platforms, workshops, and simulations.
Excellent communication and interpersonal skills to convey complex cybersecurity concepts in a clear and understandable manner. This includes the ability to engage a diverse audience and tailor communication for different organizational levels. The ability to craft compelling messages and materials that engage and educate workers. Marketing skills are valuable for promoting events and the campaign effectively.
The ability to assess the effectiveness of the SATEC program, analyze security risks, and use user data-driven insights to continually improve training and initiatives.
Skills in analyzing data to measure the impact and effectiveness of the awareness campaign. This includes using metrics to elevate participation, awareness levels, and behavior change.
Familiarity with learning management systems (LMS), e-learning platforms, and other training technologies to facilitate efficient and scalable delivery of cybersecurity education.
An understanding of human behavior in the context of cybersecurity, including factors influencing employee adherence to security policies, procedures, and practices.
Knowledge of relevant data protection laws, financial services industry regulations, and compliance standards to ensure SATEC aligns with legal requirements.
The ability to stay updated on emerging cybersecurity threats and adapt SATEC's initiatives accordingly, ensuring relevance as well as effectiveness.
Effective project management skills to plan, execute, and monitor the progress of SATEC’s initiatives.
Ability to collaborate with cross-functional teams, including IT, HR, and legal departments, to integrate cybersecurity awareness seamlessly into various aspects of DTCC.
Proven experience in cybersecurity risk analysis, preferably in a global context.
Strong understanding of cybersecurity principles, frameworks, and industry standards.
Hands-on experience in working in a cyber security awareness program and/or in a capacity where creativity was needed to increase employee engagement and influence human behaviors.
Excellent communication and interpersonal skills to effectively engage with diverse teams and stakeholders.
Knowledge of training and communication methodologies related to cybersecurity awareness programs.
Familiarity with regulatory requirements and compliance standards in the cybersecurity domain.
Analytical mindset with the ability to translate complex technical concepts into actionable insights.
Ability to think like a social engineer and use that context to develop social engineering campaigns.
The ability to think creatively to develop innovative and engaging awareness materials and activities that capture the attention of DTCC workers.
Have the ability to find flaws in processes and effectively communicate how to fix them.
Experience working in an agile environment.
Extremely strong attention to detail.
Advanced level of Microsoft Excel expertise and/or hands-on experience with PowerBI.
Confidence and presence when working with senior management.
Multi-tasking and follow-up skills.
Proficient in Microsoft Outlook, SharePoint, PowerPoint, Excel, Word, and Project.
Nice to have:
Industry-recognized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) demonstrate expertise and commitment to the field.
Project management certification.
Experience with building dashboards and reports using PowerBI.
Designing and developing SCORM-compliant content. Samples are a plus.
SharePoint and website development.