Security Awareness & Culture Manager

📋 Description

• • Ping Identity is seeking a dynamic and experienced Security Awareness & Culture Manager to spearhead and elevate our global security awareness program. This pivotal role is responsible for the entire lifecycle of security awareness and training initiatives, ensuring Ping Identity fosters a robust security-conscious culture across all levels of the organization.
• • You will take ownership of the strategic direction and operational execution of our security awareness efforts, aligning them seamlessly with Ping Identity's overarching security policies, industry standards, and critical compliance obligations. This includes developing and refining content for annual mandatory training, creating targeted campaigns for specific risk areas, and implementing effective phishing simulation programs.
• • A key responsibility will be the design, delivery, and continuous improvement of comprehensive security and privacy training modules for all employees and contractors. This encompasses onboarding materials for new hires and regular refresher courses to maintain a high level of awareness and adherence to best practices.
• • You will proactively plan and execute ad-hoc training and awareness campaigns focused on critical areas such as data handling protocols, secure engineering practices, responsible AI usage, vendor risk management, and incident reporting procedures. These campaigns will be tailored to address specific audiences and emerging risk landscapes.
• • Leading our phishing simulation program is a core function. This involves the strategic design of simulation scenarios, meticulous execution, rigorous measurement of results, and the implementation of follow-up coaching to enhance employee resilience against phishing attacks and promote prompt reporting of suspicious activities.
• • You will be instrumental in developing and delivering impactful security briefings tailored for leadership, various business units, and project teams. This requires the ability to translate complex technical risks into clear, concise, and business-relevant narratives that resonate with diverse stakeholders.
• • Crafting and managing engaging security communications across multiple channels is essential. This includes email, intranet portals, collaboration platforms like Slack/Teams, company-wide town halls, video content, newsletters, and micro-learning modules, ensuring a consistent and impactful tone and message.
• • A significant part of your role will involve building and running tailored risk and security awareness programs for key stakeholder groups, including engineers, product teams, go-to-market (GTM) functions, HR, Finance, and executive leadership. These programs will be customized to their specific roles and associated risk profiles.
• • You will collaborate closely with the Corporate Communications and Marketing teams to extend our security awareness efforts externally. This may involve contributing to thought leadership pieces, participating in awareness months/weeks, and developing customer-facing content where appropriate, reinforcing Ping Identity's commitment to security.
• • Defining and meticulously tracking key performance indicators (KPIs) is crucial for measuring program effectiveness. This includes metrics such as training completion rates, phishing susceptibility and reporting rates, employee survey results, and behavioral metrics. The insights derived from this data will be used to drive continuous improvement and demonstrate the value of the program.
• • You will maintain an up-to-date, dynamic calendar of awareness activities, ensuring alignment with the evolving threat landscape, audit and compliance timelines, and critical business priorities.
• • Ensuring all developed content adheres to best practices in adult learning principles and behavior change methodologies is paramount. Content must be accessible, engaging, and inclusive for a diverse, global workforce.
• • You will be responsible for vendor management of any external awareness, e-learning, or phishing simulation providers, ensuring all commercial, security, and privacy requirements are rigorously met.
• • This role reports into the Information Security organization and requires close collaboration with Enterprise Security, Privacy, the People Team, Corporate Communications, and Marketing to achieve measurable improvements in security and risk awareness across the entire company.
• • This is a full-time, remote position based in the UK, offering the opportunity to shape the security culture of a leading identity security company.