Cybersecurity Risk and Compliance Specialist

As the Cybersecurity Risk and Compliance Specialist, you will be responsible for developing, delivering, and managing Cybersecurity training programs to educate employees on cybersecurity best practices, policies, and procedures across the organization. You will also assist in Cybersecurity compliance initiatives with vendors and suppliers, and manage phishing simulation campaigns for the company.

1. Conducts Cybersecurity awareness training including the creation of end-user training documentation and delivering training sessions.
2. Creates and monitors Cybersecurity phishing simulations.
3. Researches emerging threat trends, new technologies, IT/Cybersecurity best practices, frameworks, and regulations and periodically reports to leadership.
4. Assists with developing and implementing security policies, procedures, and best practices to ensure compliance with industry regulations and standards.
5. Collaborates with cross-functional teams to implement security measures to mitigate risks and ensure compliance with IT security standards.
6. Performs other duties as assigned.

Job Skills Requirements

• Understanding of IT Governance and Cybersecurity frameworks, including COBIT, NIST Cybersecurity Framework, CIS, and NIST 800-171/CMMC.
• Familiarization of security principles and best practices.
• Prior experience with Knowbe4 (PhishER, Compliance Plus) desired.
• Strong attention to detail and organization.
• Strong communication and presentation skills. Candidate should be comfortable communicating effectively with non-technical teams.
• Strong in problem-solving and critical thinking.
• Ability to prioritize and execute tasks both independently and in a team-oriented environment.

Education

• Bachelor's degree in Computer Science, Information Technology, or related field, or equivalent education and experience.

Experience Requirements

• Minimum 3 years of IT security experience.

Certification

• ISACA CRISC certification preferred.