Manager, IT - Security Awareness Program

Date: Jun 12, 2022

Location: US-NJ-Bridgewater, New Jersey, US

Company: Bausch Health

The Manager, IT - Security Awareness Program will focus on developing, operationalizing, and managing a range of new and existing security initiatives. This role will play a significant part in helping drive a culture of security awareness within Bausch Health. The Security Awareness Manager will build user awareness by taking a holistic approach to the cybersecurity awareness program, using diverse methodologies and concepts to spark interest. This role will require significant cross-functional collaboration with functional areas of Security, as well as other external teams, and is critical in supporting the fundamental elements of our mission: earning and maintaining customer trust and rigorously safeguarding customer data.

This role is based at our HQ location in Bridgewater, NJ.

Responsibilities:

  • Define and deliver the security awareness program objectives, strategies, and tactics
  • Design, build and run innovative security awareness, education and training initiatives that drive best practice adoption and identify human-based risks using a combination of interactive learning experiences and simulation-based training
  • Develop regular targeted communications to business stakeholders on various security-related topics
  • Establish and report relevant metrics and Key Performance Indicators (KPIs) to communicate status and demonstrate progress of program performance
  • Develop a strategy to ensure the program evolves along with the threat landscape, as well as design and create materials to support it, including phishing ploys, educational content, and reports
  • Cultivate relationships with cross-functional teams and partners to improve the quality of security awareness training throughout the organization
  • Organize security awareness events to support the development of a secure culture
  • Continuously identify, assess, measure, and monitor program value and iterate to increase effectiveness
  • Collect evidence for compliance-related audits
  • Monitor and identify the top human risks to our organization and the behavioral changes needed to mitigate those risks
  • Design and develop awareness campaigns, events, training materials, an awareness website and other forms of security messaging; collaborate with vendors, consultants, and subject matter experts within the Security Operations team and across the company to create high-impact content and delivery channels
  • Conduct research and analysis into effective security awareness and training trends, techniques, and solutions

Required Skills

  • Bachelor’s degree and 5+ years of relevant work experience in one or more of the following fields: technical, security or privacy education/training, information security, risk management, corporate communications or another related field
  • Strong understanding of the relationship between human behavior and security
  • Excellent verbal/written communication, analytical and independent judgment skills with ability to effectively interact with individuals at all levels of responsibility; must be able to positively influence and clearly explain complex information security concepts and technologies for both technical and non-technical audiences
  • Strong time and project management skills with the ability to work independently
  • Ability to navigate diverse global perspectives and promote an inclusive and collaborative environment
  • Demonstrated knowledge of information security policies, standards, and/or governance controls
  • Ability to delegate tasks and collaborate on creative content
  • Ability to define a multi-year strategy and a tactical plan to achieve it, and obtain support from senior leaders

Desired Skills

  • At least 3 years specifically building information security and/or privacy education and awareness training initiatives, preferably in a large enterprise
  • Experience with curriculum and learning program development
  • Experience running and supporting simulation-based training campaigns such as phishing and social engineering