This job has expired, please see additional jobs below
Program Lead, Security Awareness and Training
NBC Universal
Englewood Cliffs, NJ, United States
Job Details - this job has expired, please see similar jobs below
About Us
NBCUniversal is one of the world’s leading media and entertainment companies in the development, production, and marketing of entertainment, news, and information to a global audience. NBCUniversal owns and operates a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, and world-renowned theme parks. NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
Responsibilities
The Information Security Training and Awareness Program Manager is responsible for all aspects of information systems security training and awareness program development and execution to include continuing evaluation for program effectiveness and improvement. Directs the development of multi-media based training and awareness products for the consumption by NBCUniversal staff and onsite contractor and consulting personnel. Works in concert with communications staff within the NBCUniversal and Comcast corporate environments to effectively socialize safe and secure computing practices and procedures as well as required compliance related information security and privacy responsibilities. This position can be located in New York, NY or Englewood Cliffs, NJ.
• Creatively identifies and coordinates with the communications team training and awareness opportunities to help ensure appropriate and effective communication of information security policies, standards, and procedures.
• Partnering with Corporate Communication and various IT organizations to conduct and manage an ongoing company-wide phishing program.
• Communicates information protection risks and issues to all levels of management including security issue identification, escalation and resolution.
• Work with TechnologySafe team to analyze security risk likelihood and impact to determine training and awareness initiatives and plans for execution.
• Synthesizes and communicates to effectively show relationship between safe computing practices and actual risk posture.
• Stays up to date on the direction of emerging security issues and assess the need for out-of-cycle, and other out-of-band, communications with employees and contract personnel.
• Partner with Corporate Communications and Change Network personnel to most effectively convey Awareness messages with target employees and contractors.
• Responsible for overseeing security education and compliance training in support of PCI requirements
• Identifies, evaluates, conducts and/or coordinates, schedules and leads information security training and awareness functions leading to the adoption of key security behaviors and actions by employees and contractors.
Our Security Awareness Program Requirements
• Ensure that our security awareness program meets all industry regulations, standards, and compliance requirements.
• Ensure that our security awareness program communicates our security policies and requirements so that people know, understand and can follow them.
• Identify the top human risks to our organization and the behaviors we need to change to mitigate those risks. Develop and maintain a security awareness program that effectively changes these behaviors so our employees act in a secure manner, reducing the most risk to our organization.
• Create a positive program that engages employees, to include focusing on changing behaviors both at home and at work. Ultimately, we want our employees to demonstrate the same secure behaviors regardless of where they are or the devices they are using.
• Structure and maintain this program to be long term, so ultimately, we are not changing just behaviors but culture.
• Create a metrics framework that can effectively measure these requirements.
Qualifications/Requirements
Basic Qualifications
• Bachelor’s degree or equivalent
• Minimum 7+ years professional experience.
• Minimum of 3 years within Third Party Risk/Assessments discipline or responsibility for reporting/metrics
Eligibility Requirements
• Interested candidate must submit a resume/CV through www.nbcunicareers.com to be considered
• Must be willing to work in New York, NY or Englewood Cliffs, NJ
Desired Characteristics
• Ability to translate complex security communications / messages in a simple, clear and concise manner to the various communities within our organization. This can include different cultures, nationalities, international locations and languages.
• Project management experience, the ability to plan, manage and maintain an organization-wide program over the longer term.
• Display practical knowledge of different message distribution techniques to ensure end user communities understand and continually apply the required behavioral change necessary to reduce human risk.
• Ability to communicate with and coordinate the activities of others.
• Understanding of the concepts of information risks and the different elements that make up risk. In addition, have at a minimum a basic understanding of the different concepts of information security.