Security Analyst, Information Security Awareness

• Responsible for the strategic vision, execution and implementation of the organization's Security Awareness program's daily operations, goals and objectives by developing and monitoring security standards and best practices for the organization. Recommend security enhancements as needed and build solutions to meet those needs as appropriate.
• Design and develop comprehensive security awareness programs, including training materials, presentations, and interactive activities.
• Conduct security awareness training sessions for employees at all levels, utilizing various formats such as in-person workshops, webinars, and e-learning modules.
• Create engaging and informative content related to cybersecurity topics, including newsletters, posters, videos, and intranet articles.
• Plan and execute security awareness campaigns to promote key security initiatives and reinforce secure behaviors.
• Identify and assess potential security risks related to employee behavior and recommend mitigation strategies.
• Develop and track metrics to measure the effectiveness of security awareness programs and report findings to management.
• Ensure that security awareness programs comply with relevant regulations, standards, and best practices.
• Assist in the investigation and response to security incidents, providing insights into employee-related security issues.
• Work closely with other departments, including IT, HR, and Legal, to integrate security awareness into broader organizational initiatives.
• Stay current with the latest cybersecurity trends and threats, and continuously improve the security awareness program based on new information and feedback.
• Actively engages in the greater information security and privacy community (e.g., peer groups, seminars, conferences, etc.) to help identify new technologies, new techniques and new partners. Demonstrates a positive, proactive, and thought leadership attitude to CAS and the greater security community.
• Ability to document technical processes to ensure accuracy and sustainability of job-related processes.
• Experience in implementing security awareness controls outlined in industry frameworks in existing programs.
• Other duties as required.

Qualifications:

• 3 years of experience in related field.
• Bachelor’s degree in Computer Science, Information Systems, Computer Engineering, Information Security or equivalent is required.
• Cyber Security Certifications (e.g., CISSP, GIAC certifications, etc.) are preferred, but not required.
• Demonstrate understanding and/or experience with CIS Critical Controls, NIST CSF and ISO 27001 frameworks are preferred, but not required. 

Technical Knowledge, Skills, and Abilities:

• Strong understanding of cybersecurity principles and best practices.
• Working knowledge of information security risk and control frameworks including NIST 800-171, CMMC, NIST CSF, and CIS Critical Controls
• Excellent written and verbal communication skills, with the ability to communicate security concepts to technical and non-technical stakeholders
• Excellent written and verbal communication skills.
• Ability to create engaging and informative content.
• Proficiency in using e-learning platforms and tools.
• Strong analytical and problem-solving skills.
• Demonstrated experience working with a team to solve technical problems
• Demonstrated experience working with a team to solve process problems
• Able to work independently and as part of a team
• High level of attention to detail and accuracy in analysis
• Experience with and ability to implement security best practices
• Ability to focus on and achieving results
• Demonstrated reliability and follow-through on commitments and assignments
• Demonstrate professionalism and courtesy in all interactions
• Work well under pressure
• Ability to balance several tasks simultaneously

This role is based in our Washington, D.C. office. A reasonable rate of compensation for this position is between $90,000-$95,000 per year.