The Director of Information Security Awareness and Training is responsible for developing, implementing, and managing security awareness and training programs across the organization. The Director will lead a comprehensive approach to building a security-conscious culture and drive behavioral change initiatives.This role combines strategic vision with hands-on program development to protect the organization's information assets through effective employee education and engagement.This leader will manage a small team and will need to establish strong cross-functional relationships with high trust across the enterpriseto be effective.

Key Responsibilities

Program Development and Management 

• Design, implement, and maintain enterprise-wide security awareness and training programs

• Establish metrics to measure program effectiveness

• Develop annual training calendars and curriculum roadmaps aligned with organizational needs

• Be accountable for ensuring our spend on security awareness and human-centric security is highly effective

Strategic Leadership 

• With executive leadership, align security awareness initiatives with business objectives

• Build strategic partnerships across IT, P&O, Legal Compliance, Corporate Communications, and other departments to integrate security awareness into organizational processes

• Drive organizational culture change related to security

• Influence security behavior change 

• Stay current with emerging threats and evolving security best practices to keep guidance timely and relevant

• Establish relationships with industry groups and security awareness communities 

Security Innovation Leadership 

• Research innovative training and awareness approaches (gamification, VR/AR, Advanced Technologies, etc.)and implement where applicable to maximize engagement and knowledge retention

• Identify and evaluate emerging security awareness technologies

Content Creation and Delivery 

• Lead creation of engaging, relevant security awareness content across multiple formats (e-learning, videos, newsletters, etc.)

• Oversee the development of role-based training materials tailored to different departments and risk profiles

• Review and modernize phishing and social engineering training programs 

Risk Management and Compliance 

• Ensure security awareness initiatives and training programs meet regulatory requirements (GDPR, CCPA, PCI DSS, etc.)and Sony requirements

• Conduct regular assessments to identify knowledge gaps and security behavior risks

• Develop remediation strategies for identified awareness gaps

• Ensure the integration of awareness metrics into the information security risk management framework

• Prepare reports for leadership on program effectiveness and compliance status

• Translate technical security concepts into business risk language for executive audiences

Qualifications
Education and Experience

• Bachelor's degree in Information Security, Computer Science, Communications or related field or equivalent experience

• 8+ years of experience in Learning and Development or Communications 

• 3+ years focus on security awareness and training

• 3+ years managing others

• Proven record developing and implementing successful security awareness programs

Technical Knowledge

• Strong understanding of information security principles, frameworks, and best practices

• Knowledge of relevant regulations and compliance requirements

• Familiarity with learning management systems and awareness platforms

• Experience with security awareness program management and analytics, tools, and technologies

Skills and Competencies

• Excellent communication and executive presentation skills  

• Strong leadership and team management abilities

• Creative approach to education and behavior change

• Change management and organizational development expertise

• Ability to influence across organizational boundaries 

• Data analysis skills to measure program effectiveness 

• Project management expertise

 Certifications (preferred)

• Security awareness specific certifications (SANS GIAC Security Awareness, etc.)

• Adult learning or instructional design certifications, (CPTM, etc.)

• CISSP, CISM, or equivalent security certification

Working Conditions 

• Full-time position with minimum 4 days onsite 

• May require occasional travel for conferences, training events, or multi-site program implementation

• Ability to adapt to rapidly evolving security threat landscape and business priorities

 Success Criteria 

• Measurable improvement in security awareness metrics across the organization

• Reduction in security incidents related to human behavior

• High engagement rates with security awareness content

• Successful compliance with relevant security standards and regulations

• Positive feedback from stakeholders and program participants

• Actively contribute to a positive team environment through participation in team activities, knowledge sharing, and colleague support.