Cybersecurity Culture and Awareness Analyst
ISELIN, NJ, United States
Full Time Senior-level / Expert USD 90K - 105K
Ascot Group
Ascot Group is a preeminent global specialty risk-assumption organization. Join us on our exciting journey over the next 20 years. This is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations.
Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we’re bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourish in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.
The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.
Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service — both pre- and post-claims. Ascot exists to solve for our clients’ brightest tomorrow, through agility, collaboration, resilience, and discipline.
Job Summary:
The Analyst, Cybersecurity Culture and Awareness will join Ascot’s Cybersecurity Governance, Risk & Compliance (GRC) function and will work on several activities across the GRC function, with a primary focus on promoting a strong Cybersecurity Awareness Culture throughout the organization.
In this role, you will be responsible for designing, developing, and delivering effective Cybersecurity training programs for our employees. You will also develop, execute, and monitor methods to evaluate cybersecurity awareness of colleagues for continuous improvement purposes. Additionally, you will be responsible for creating and implementing effective communication strategies to keep company assets secure and employees informed, engaged and cyber-safe using various channels and formats. This is a global role with a unique opportunity to participate in activities across the GRC function and to interact with colleagues at all levels across the entire organization. This role will be in the office with a hybrid work schedule.
Responsibilities:
- Cybersecurity Training:
- Assess the learning needs of the different roles and audience demographics, designing and customizing training materials tailored to those needs.
- Liaise with subject matter experts to develop and deliver comprehensive training programs focused on diverse Cybersecurity topics.
- Evaluate the effectiveness of training programs through feedback and statistics.
- Collaborate with IT, HR, and legal and compliance teams to ensure training aligns with organizational policies and regulatory requirements (e.g., HIPAA, GDPR, NIST, ISO 27001).
- Awareness Communications:
- Phishing and Social Engineering Simulations:
- Develop and execute simulations across the Ascot organization.
- Monitor the actions taken by colleagues on simulations, and utilize the consequence management process to improve colleague response.
- Policies and Standards Maintenance:
- Coordinate updates to the cybersecurity policies and standards, managing the annual review, update and release cycle.
- Educate users so that they are better prepared to understand, identify and respond to potential threats via the following methods: Marketing Newsletter, Blog Posts, Cybersecurity Hub content, AI/Deepfake technology, Cyber Champions network and Roadshows.
- Stay up to date with the latest trends, technologies, and threats in the Cybersecurity landscape to ensure training materials stay current and relevant.
- Create customized and engaging communications content.
- Human Risk Management:
- Identify and target key audiences and channels for communications and additional training based on attack potential data and other criteria.
- Manage ad hoc efforts in support of other Cybersecurity GRC functions as needed.
- Support internal and external audits and cybersecurity management system certification processes (e.g., ISO 27001).
- Build and maintain relationships with training vendors, and constantly evaluate vendor capabilities and partnerships.
Requirements:
- Minimum of 8 years of experience in cybersecurity, with a major focus in training or instructional design.
- Understand regulatory requirements such as: CCPA, GDPR, NYDFS 500, Bermuda Monetary Authority, UK Financial Conduct Authority.
- Self-starter with the ability to take initiative and capable of communicating to technical and non-technical audiences.
- Strong understanding of cybersecurity concepts, threats, and best practices.
- Experience with Learning Management Systems (LMS) and e-learning tools (e.g., Articulate, Adobe Captivate).
- Excellent communication, presentation, and interpersonal skills.
- Certifications such as CompTIA Security+, CISSP, CISA, or SSCP are preferred.
- Experience with phishing simulation platforms.
- Familiarity with compliance frameworks and standards.
- Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
- An ability to effectively collaborate across multiple teams and ensure program needs are satisfied through interpersonal and trusted communication.
The annualized base pay range for this role is: $90,000 - $105,000
***This position may be filled at a different level, depending on experience***
Compensation
Actual base pay could vary and may be above or below the listed range based on factors including but not limited to experience, subject matter expertise, and skills. The base pay is just one component of Ascot’s total compensation package for employees. Other rewards may include an annual cash bonus and other forms of discretionary compensation awarded by the Company.
Company Benefits
The Company provides a competitive benefits package that includes the following (eligibility requirements apply):
Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Life Insurance, AD&D, Work/Life Resources (including Employee Assistance Program), and more
Leave Benefits: Paid holidays, annual Paid Time Off (includes paid state/local paid leave where required), Short-term Disability, Long-term Disability, Other leaves (e.g., Bereavement, FMLA, Adoption, Maternity, Military, Primary & Non-Primary Caregiver)
Retirement Benefits: Contributory Savings Plan (401k)
Tags: Audits CCPA CISA CISSP Compliance CompTIA GDPR Governance HIPAA ISO 27001 NIST Risk management SSCP
Perks/benefits: 401(k) matching Career development Competitive pay Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Salary bonus