The Opportunity

The Director of Security Awareness is responsible for developing, implementing, and managing the organization’s security awareness and training program.

The Team

This individual will lead team efforts to foster a culture of security across the organization, reduce human-related security risks, and ensure employees and stakeholders are educated on best practices for protecting sensitive data and systems.

The Impact

The role requires strategic leadership, creative program development, and the ability to measure and communicate the effectiveness of awareness initiatives.

Key Responsibilities

Program Development and Leadership:

Design, implement, and manage a comprehensive security awareness and training program tailored to the organization’s needs.Align the program with business objectives, regulatory requirements, and industry best practices.Promote a security-first culture across all levels of the organization.

Training and Awareness Campaigns:

Develop engaging training materials and campaigns using various formats (e.g., e-learning modules, in-person workshops, videos, and gamified learning).Conduct phishing simulations and other practical exercises to assess and improve employee security behavior.Tailor training content for diverse audiences, including executives, technical staff, general employees, and third-party vendors.

Risk Reduction and Behavior Change:

Identify and address key human-related risks (e.g., phishing, social engineering, password management).Measure the impact of training programs on employee behavior and incident reduction.Implement strategies to address recurring security vulnerabilities or compliance gaps.

Metrics and Reporting:

Define and track key performance indicators (KPIs) to evaluate program effectiveness.Report on awareness program progress, employee engagement, and risk reduction to senior leadership and the board.Use data-driven insights to continuously improve program effectiveness.

Collaboration and Communication:

Work closely with IT, legal, HR, compliance, and other departments to align awareness initiatives with organizational goals.Partner with external vendors and consultants as needed to enhance training content and delivery.Act as the primary advocate for security awareness, communicating the importance of cybersecurity to all stakeholders.

Compliance and Regulatory Alignment:

Ensure the program meets applicable regulatory and compliance requirements (e.g., NIS, NYDFS).Maintain documentation to provide evidence of compliance during audits or assessments.Stay updated on industry trends, emerging threats, and changes in compliance standards.

Incident Response Integration:

Collaborate with the incident response team to incorporate lessons learned from security incidents into training materials.Ensure employees are educated on how to recognize and respond to potential security incidents.

The Minimum Qualifications

Bachelor’s degree in information technology, Cyber Security, or a related field8+ years of experience in cybersecurity3+ years in a leadership role focused on security awareness and training

The Preferred Qualifications

Strong knowledge of cybersecurity principles, threats, and best practices.Experience with learning management systems (LMS), phishing simulation tools, and training platforms.Excellent communication and presentation skills, with the ability to engage and educate diverse audiences.Strong analytical skills for measuring program effectiveness and driving continuous improvement.Creative mindset with the ability to design innovative and engaging training campaigns.

Certifications (Preferred):

Certified Information Systems Security Professional (CISSP)Certified Information Security Manager (CISM)Certified Cybersecurity Awareness Professional (CCAP) or equivalentSANS Security Awareness Professional (SSAP)Certified Security Awareness Practitioner (CSAP)

Key Competencies

Leadership and team management skills.Strong interpersonal and collaboration skills.Ability to prioritize and manage multiple projects in a dynamic environment.Strategic thinking and problem-solving capabilities.Passion for promoting cybersecurity and influencing positive behavior change.

What to Expect as Part of MassMutual and the Team

Regular meetings with the Awareness & education teamFocused one-on-one meetings with your managerAccess to mentorship opportunitiesNetworking opportunities including access to Asian, Hispanic/Latinx, African American, women, LGBTQIA+, veteran and disability-focused Business Resource GroupsAccess to learning content on Degreed and other informational platformsYour ethics and integrity will be valued by a company with a strong and stable ethical business with industry leading pay and benefit.

#LI-SC1

MassMutual is an Equal Employment Opportunity employer Minority/Female/Sexual Orientation/Gender Identity/Individual with Disability/Protected Veteran. We welcome all persons to apply. Note: Veterans are welcome to apply, regardless of their discharge status.

If you need an accommodation to complete the application process, please contact us and share the specifics of the assistance you need. EEO Statement (Opens in new window)

MassMutual will accept applications on an ongoing basis until such time as a candidate has been offered employment. The job description includes the main duties of this position, which may evolve over time. You may be required to perform other duties not listed.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.

Salary Range: $152,100.00-$199,600.00