Security Awareness and Culture Analyst

This position requires the ability to evaluate and assess the cybersecurity awareness levels of staff and to help tailor a security awareness program that promotes individual learning and works to build an improved culture with respect to the identification and reporting of potential cybersecurity threats. There are 3 positions available.

The position requires close collaboration with cross-functional teams including Corporate Communications, Privacy, and program coaches, as well as supporting departments requesting additional training. The role involves designing and delivering engaging training materials, including educational content and remedial learning courses. Key duties include: Planning and scheduling phishing campaigns. Preparing reports for the Executive Leadership Team. Developing curriculum across multiple learning platforms. Acting as a liaison with coaches, including preparing monthly materials, addressing questions, and supporting training. Managing program and security inboxes. Partnering with Corporate Communications to develop internal web content. Drafting organization-wide cybersecurity communications (e.g., threat updates and awareness messaging). Monitoring program results, identifying users who fail testing, coordinating remedial training with management, and tracking progress. Developing and delivering security awareness presentations. Participating in the security incident process. Designing motivational learning initiatives (e.g., gamification). Collaborating with the team to build new security awareness and culture initiatives.

The ideal candidate will have strong communication skills, experience in training or program coordination, and the ability to engage diverse audiences in cybersecurity awareness. 2 year Information Technology diploma or equivalent education and experience in lieu.

Risk Awareness: Ability to understand risk management and prioritize where effort is required. Exceptional written and verbal communication skills. Understanding of Microsoft Defender, specifically Attack Simulator. Demonstrated experience with other phishing simulation tools may be considered.

4‑year degree in Information Technology or equivalent experience (e.g., Associate of ISC(2), Security+). Knowledge of frameworks such as NIST, ISO 27001, or CIS Controls. Understanding of behavioural psychology to support learning and habit formation. Experience with learning management systems preferred.