Information Security and Privacy Manager

ROLE OVERVIEW
The Information Security and Privacy Manager will:
(1) Identify and monitor security and privacy training needs within the organization;
(2) Create a strategic, global plan to measurably improve security and awareness within the firm and with targeted employee groups;
(3) Design, plan, and implement security and privacy training programs, campaigns, policies, and procedures that fulfil those needs.
From time to time, the Manager will leverage content from vendors, but will also be responsible for developing our own curriculum, facilitate various virtual and in-person training workshops for executive audiences, and monitor the success of such programs.
The Manager will build relationships, and both create and execute on campaigns to improve awareness and sophistication across the firm.
KEY RESPONSIBILITIES/ACCOUNTABILITIES
- Own, develop, and mature a global information security and privacy training and awareness program,
- Develop and implement security and privacy awareness program charter and strategy,
- Review existing training programs; suggest enhancements and modifications to improve engagement, learning, and retention,
- Ensure training materials and programs are current, accurate, and effective. Is able to create curriculum and deliver training across the organization,
- Manage the firm's phishing simulation testing program Collaborates with vendors and third-party training providers to arrange employee registration for and participation in outside training programs,
- Ensures that training milestones and goals are met while adhering to approved training budgets,
- Conducts or facilitates required and recommended training sessions,
- Define ambitious measurable goals, objectives, and identify metrics and solutions that show impact and growth over time,
- Supports cross-functional collaboration to ensure projects are delivered according to agreed scope and budget,
- Perform other related duties as assigned,
- Specific duties or responsibilities may be reviewed from time to time to reflect changes in personnel and management structure, staff location or services.
All members of the firm participate in our Responsible Business program
Specific duties or responsibilities may be reviewed from time to time to reflect changes in personnel and management structure, staff location or services
PERSON SPECIFICATION
SKILLS & EXPERIENCE
- Organized and detail-orientated,
- Strong executive presence, with an ability to moderate large, executive level meetings, both in person and virtually,
- At least five years' experience in delivering, developing, and managing training development,
- At least three years' experience in the cybersecurity/privacy fields,
- Experience in reviewing policies and requirements from the user perspective, providing a pragmatic approach to improving awareness,
- Experience with requirements gathering, analysis, and recommendations development,
- Experience in effectively communicating with both technical and non-technical roles,
- Experience with risk and issue management,
- Good organizational and time management skills; ability to be flexible and solve problems,
- Strong interpersonal skills, with the ability to build strong relationships with peers and executives,
- Strong project planning and management skills; ability to break down complex problems into manageable goals,
- Outstanding oral and written communication skills; with strong graphic design abilities,
- Knowledge of cyber security frameworks, such as NIST, ISO, MITRE, etc is desirable,
- Knowledge of privacy regulations, such as GDPR, HIPAA, CCPA, PIPL, etc, is desirable.
QUALIFICATIONS & TRAINING
- Preference provided to individuals holding industry-relevant certifications (CIPP-E, CIPP-US, CISM, Security+, CISSP, etc),
- Education or training in executive education, professional development, corporate communications, or related areas preferred.
DGH Recruitment Limited acts as both an Employment Agency and Employment Business