We are seeking a Security Awareness Analyst to help build and scale our security awareness program. This role focuses on reducing human risk by educating employees, driving behavior change, and supporting a strong security culture across the organization.
You'll partner closely with Information Security, IT, HR, Communications, and other business groups to translate evolving risks into effective, scalable education and engagement strategies.
As a key member of the Cybersecurity Communications team, the Security Awareness Analyst is responsible for executing and continuously enhancing the organization's global security awareness and phishing simulation program.
Operating at the intersection of cybersecurity, communications, and behavioral science, this role fosters a strong security culture by developing and managing awareness initiatives that promote cybersecurity best practices and mitigate human-related security risks. The Security Awareness Analyst is responsible for developing targeted awareness campaigns, creating original content, and translating threat intelligence and real-world security incidents into timely, relevant employee education.
This is a hands-on role requiring strong execution, creativity, and analytical thinking to influence employee behavior across a diverse, global workforce.
WHAT YOU'LL DO:
- Manage and operate the enterprise security awareness and phishing simulation platform, including campaign configuration, content creation, targeting, scheduling, and reporting
- Partner with Security Operations and Incident Response teams to translate active threats and post-incident learnings into targeted awareness campaigns
- Design and execute phishing simulations informed by current threat intelligence and threat actor tactics
- Develop and deliver high-impact security awareness content and campaigns, including e-learning modules, videos, infographics, and threat advisories, tailored to diverse employee populations
- Deliver role-based and annual enterprise-wide security awareness and compliance training, partnering with cross-functional teams to integrate training into onboarding and ongoing employee education
- Analyze program performance and user behavior to refine campaign strategies, increase effectiveness, and reduce organizational risk
- Drive measurable behavior change by improving key metrics such as phishing susceptibility, reporting rates, and time-to-report across the organization
- Collaborate with Cybersecurity Communications Manager and various business stakeholders to deliver clear, actionable messaging
- Develop dashboards and reporting for leadership that demonstrate program impact
- Continuously evaluate and improve awareness tooling, automation, and campaign workflows
- Stay current with evolving phishing techniques and social engineering tactics
WHAT YOU'LL BRING:
- Strong understanding of phishing, social engineering, and threat actor tactics
- Ability to translate technical threats into engaging content for non-technical audiences
- Experience creating original content including training materials and awareness campaigns
- Analytical mindset with the ability to interpret behavior data and metrics
- Strong written and verbal communication skills
- Ability to manage multiple concurrent security awareness campaigns
- Working knowledge of cybersecurity fundamentals
- Familiarity with leveraging threat intelligence
- Strong collaboration skills
- Background in content development, instructional design, or behavioral science
- Experience in retail or ecommerce environments
- Familiarity with data analysis or reporting tools
- Relevant certifications are a plus
REQUIREMENTS:
- 2-5 years of experience in cybersecurity, security awareness, training, e-learning or related disciplines
- Direct experience supporting or operating a security awareness program
The pay range for this position is $90,000-$125,000/yr USD.
