Manager, Information Security Awareness Program

Marriott Global Information Security is looking for an Information Security Awareness & Training Products Manager who is passionate about educating our global workforce, creating content, and managing key initiatives to help mature our program. Key work products include managing content and updates for our annual and role-based training courses, running global phishing simulations, designing quarterly security awareness materials (e.g., posters, desktop wallpapers, online content, etc.), preparing educational presentations for business units, organizing and supporting events, and preparing program metrics reports.

CANDIDATE PROFILE

Education & Experience

Required:

• Undergraduate degree, equivalent experience, or certification
• 5 years’ experience in some or all of the following:
  • Experience as a Program or Project Manager
  • Development and delivery of communications, marketing and/or learning content
  • Building, running and/or supporting comprehensive training and awareness programs/products
  • Content development in Adobe Illustrator, Photoshop or Canva, and Microsoft PowerPoint

Preferred:

• Undergraduate degree in Marketing, Education, Communications, Business, or Information Security.
• Experience in instructional design, e-learning, and curriculum creation and Learning Management Systems
• Certified Security Awareness Practitioner (CSAP) and/or SANS Security Awareness Professional (SSAP)
• One or more of the following security certifications: CISM, CISMP or CISSP
• Super User/Expert Level Proficiency in Adobe Illustrator, Photoshop or Canva, and Microsoft PowerPoint

CORE WORK ACTIVITIES

INFORMATION SECURITY AWARENESS & TRAINING PRODUCTS

• Design, manage and maintain the suite of information security training and awareness products and tools, including eLearning courses, global phishing exercises, and quarterly awareness materials.
• Ensure annually required Information Security Training is completed by all associates as assigned to ensure compliance with internal policies and regulatory requirements
• Measure effectiveness of awareness tools, such as the Report Phishing Button and Quarterly Awareness Materials
• Conduct custom social engineering exercises; adapt and tailor phishing exercises to focus on role-specific requirements
• Partner and collaborate across multiple departments/business units to ensure security policies and standards are being adhered to
• Document and keep standard processes up to date for delivering awareness and training products
• Serve as the Project Manager when vendor tools require updating or Marriott plans to deploy a feature; keep the business owners within GIS, the technical subject matters experts deploying the software, and the communications team coordinated and on track.

INFORMATION SECURITY AWARENESS CAMPAIGNS

• Develop, promote, and design user-focused campaigns, communications, and resources that are impactful and relevant to security awareness; and distribute using various formats and delivery channels to target specific audiences.
• Manage, schedule, and deliver quarterly awareness campaigns, including curating and delivering materials to support awareness and adoption of information security best practices (product examples: infographics, tip sheets, microlearning, videos, etc.)
• Serve as the Project Manager to plan, schedule, coordinate and deliver annual October Cybersecurity Awareness Month (CSAM) Campaign. Provide and incorporate metrics and lessons learned from previous campaigns for continuous improvement
• Plan, schedule, coordinate and conduct ad hoc security awareness training and events, as requested (examples: roadshows, town halls, webinars, workgroups etc.)
• Maintain and evolve internal digital presence for the Information Security Awareness website on Company Intranet. Source content, write, and/or edit blurbs and short articles, webpages, etc. leveraging internal and external talent to create engaging content.
• Collaborate with company stakeholders on Security Awareness initiatives.

METRICS & REPORTING

• Use data to measure and report the effectiveness of awareness and training products through metrics and surveys; and provide feedback to Leadership in support of refining and maturing our product offerings to accelerate the security culture. 
• Work with Metrics Reporting Team to identify metrics that align with the NIST CSF, automate the process for pulling data out of GIS training and awareness tools and into the GIS Reporting Platform.  Ensure quality assurance reviews of the data are being performed regularly and on time. 

YOU ARE WHO WE ARE LOOKING FOR IF:

• You are detail-oriented, highly organized, and effective at prioritization and time management.
• You have exceptional verbal and written communication skills, and an ability to articulate compelling ideas and gain alignment.
• You have an eye for design, and are proficient in Adobe Illustrator, Photoshop and/or Canva.
• You are a strong writer and well-versed in traditional and digital communication practices.
• You are savvy at communicating content to both technical and non-technical audiences, and flex your style to suit the needs of your audience
• You use your creative talent to produce engaging materials in various formats and media, including storyboards and gamification elements.
• You have excellent and active listening skills.
• You are a self-starter with the ability to work independently, as well as be a strong team player.
• You work well in a deadline-driven environment and establish goals to deliver against the objectives of assignments to meet time, budget, and quality criteria.