SUMMARY: This position serves as the business leader responsible for developing and delivering the company's security education and awareness program with the purpose of creating an enterprise security positive culture where expected security behavior is embedded into normal behavior and where all relevant individuals make effective risk-based decisions and protect critical and sensitive information and systems. This role will be responsible for liaising with other experts and vendors to execute communication and training in support of security education and awareness. In this role, the individual must have passion for and experience with information security, and is capable of generating creative ideas that evangelize the criticality of information security in fun and engaging ways. This role will drive programs that increase visibility and understanding around information security best practices that reduce risk to our company.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties and special projects may be assigned.
- Establish and maintain a comprehensive Information Security Education and Awareness strategy and program that targets employees' behavior to become more security conscious and aligns with emerging CISO needs.
- Leadership and oversight of the Security Education and Awareness Program, including risk identification, content development, program road map and collaboration with teams across IT / IS to leverage the right communication mediums, training and education, and speaking engagements.
- Asset top human risk to our company and the employee behaviors that need to change to mitigate those risks.
- Create and manage Information Security Education and Awareness training programs for employees and contractors making sure the security programs comply with applicable regulations and policies, to minimize risk and mitigate / resolve audit findings.
- Actively partner with other business areas, e.g. Compliance, Fraud, HR to drive the right messages under a shared security-focused campaign and brand to enhance education and awareness activities.
- Collaborate with the CISO organization (Access & Identity, Cyber Threat Unit, and Risk Management) to enhance Information Security Education and Awareness training activities.
- Effectively measure and regularly report on the effectiveness of security education and awareness programs and delivery methods.
- Develop, collect, analyze metrics for education and awareness campaigns in terms of reach, impact, and change in behavior to determine effectiveness and influence strategy/direction.
- Determine the frequency of cybersecurity related education and awareness activities to achieve the greatest impact.
- Support cybersecurity education and awareness efforts across the employee population including executives.
- Develop targeted communications to stakeholders on identified cybersecurity related topics as needed.
- Conduct analysis and research of cybersecurity capabilities that improve the education and awareness programs and expand security messaging.
- Lead, develop, and execute cybersecurity related education and awareness activities leveraging a variety of teaching and delivery methods
- Provide support and security-related information as needed to business unit stakeholders.
- Promote and communicate information security education and awareness within the organization.
- Perform additional duties, as assigned.
- Adheres to and complies with applicable, federal and state laws, regulations and guidance, including those related to anti-money laundering (i.e. Bank Secrecy Act, US PATRIOT Act, etc.).
- Adheres to Bank policies and procedures and completes required training.
- Identifies and reports suspicious activity.
EDUCATION
Bachelor's Degree required Or Master's Degree in Information Security Management or equivalent work experience required
EXPERIENCE
- 7-9 Years of Information Technology or Information Security experience required
- 4-6 Years of management experience required
- Prior experience within a financial institution preferred
- Experience authoring information security policies, standards, and guidelines required
- Prior experience working with regulations in the area of FFIEC, GLBA, SOX, and FDICIA preferred
CERTIFICATES, LICENSES, REGISTRATIONS
- CISSP Certified Information Systems Security Professional preferred
- Certified Information Security Manager (CISM) preferred
- CISSA or related certifications preferred
KNOWLEDGE, SKILLS AND ABILITIES
- Must be committed to incorporating security into all decisions and daily job responsibilities
- Strong interpersonal skills and professionalism to foster collaboration, increased education and awareness and promote a cybersecurity savvy workforce.
- Requires good analytical skills with experience creating a security education and awareness strategy and implementing the program to carry out the strategy.
- Strong knowledge of core Information Security concepts related to Governance, Risk & Compliance.
- Broad knowledge IS policies, standards and guidelines.
- Broad understanding of best practice control frameworks and regulatory requirements such as GLBA and ISO 27001/2
- Demonstrated understanding of internal security controls.
- Effectively collaborates with leaders at multiple levels across disciplines.
- Good business acumen, ability to understand the potential impact of non-compliance on the business.
- Solid management, leadership and mentoring skills.
- Possess strong writing, verbal communication and presentation skills.
- Ability to perform multiple projects simultaneously.
- Working knowledge of Adobe Creative software (Fireworks, InDesign, Photoshop, Illustrator, After Effects, Audition)
- Working knowledge of Microsoft Word, Excel, PowerPoint, Publisher and Visio.
ADDITIONAL INFORMATION
- Candidates residing in locations within BankUnited's footprint may be given preference.
|
BankUnited
Nov 26, 2025