Security Policy, Risk and Awareness Lead

29 Jun 2024

Vacancy expired!

About DMI

DMI (Digital Management, LLC.) is a global technology solutions company that specializes in digital strategy, design, transformation and support. Utilizing expertise from six unique DMI Groups, in the areas of AI & Analytics, Commerce, Experience, Managed Services, Transformation, and Government, DMI delivers intelligent digital transformation solutions that meet organizations where they are. Born digital, DMI has been delivering mission-critical, enterprise grade solutions since 2002 for over a hundred Fortune 1000 enterprises and all fifteen U.S. Federal Departments. DMI has grown to 2,000+ employees globally and has been continually recognized by top industry analysts as market leader as well as a Top Place to Work by the Washington Post. DMInc.com | Careers | Twitter | LinkedIn | Facebook

About the Opportunity

DMI (Digital Management, LLC.) is looking for a

Security Awareness Lead with project lead experience and hands-on security awareness program experience. The Security Awareness Lead will be responsible for overall management the Security Awareness Program within the State of Maryland Department of Health (MDH). The Security Awareness Lead will report to MDH Chief Information Security Officer (CISO) or his designee. The role will be responsible for the following:

Responsibilities:

  • Plan, develop, and implement security awareness programs for non-technology personnel.
  • Identify the top human risks at MDH and the behaviors that need to change to mitigate those risks.
  • Ensure the security awareness program meets all industry regulations, standards, and compliance requirements.
  • Ensure that our security awareness program communicates MDH security policies and requirements to drive change in the security culture and behaviors among MDH personnel.
  • Develop metrics that can measure completion of monthly training and the effectiveness of the program in facilitating a secure culture and behaviors toward minimizing operating risk at MDH.
  • Build rapport with MDH stakeholders to increase visibility and championship of the Security Awareness Program.
  • Enumerate and enroll MDH personnel in required security awareness training modules, and track and maintaining the enrollment status.
  • Plan, schedule, and coordinate annual security awareness training campaigns.
  • Plan, schedule and coordinate ad hoc security awareness training.
  • Monitor security awareness training non-compliance and follow up with individual departments to improve participation.
  • Plan, schedule, and conduct security awareness events to include roadshows, town halls, webinars, workgroups etc.
  • Develop and execute a creative communications plan to engage MDH personnel all year around on security awareness topics using existing organization communication channels and forums i.e., e-newsletters, employee portal, personnel onboarding, all-hands events, posters, news boards.
  • Define, develop, and implement Security Awareness Program reports and prepare reports on the status of security awareness projects and associated milestones.
  • Plan, schedule, and communicate status of Security Awareness Program efforts to key stakeholders to include monthly scheduled reports and ad hoc reports.
  • Develop and implement a roadmap to mature the Security Awareness Program long-term i.e., leveraging tools such as SAN Security Awareness Maturity Model.
  • Maintain knowledge of applicable security awareness industry best practices.
  • Define, develop, and implement, security awareness policies, processes, and procedures for to support and maintain the Security Awareness Program.
  • Other duties pertaining to security awareness.

Qualifications

Education and Years of Experience:

  • At least eight (8) years of hands-on experience planning, executing, monitoring, and controlling, and successfully closing security awareness program tasks.
  • At least five (5) years of experience leading security awareness efforts/campaigns.
  • At least five (5) years of developing, implementing, and maintaining security awareness training programs.
  • Associates or bachelor's degree from an accredited college or university with a major in Cybersecurity, Information Systems, Psychology, Communications, or related discipline.

Required Skills/Certifications:
  • At least 1 security management industry certifications such as CISSP, CISM, CRISC.
  • Self-starter, able to work independently, establish priorities and self-manage to complete task within deadlines that are responsive to client needs.
  • Ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel.
  • Confidently develops and delivers presentations and able to respond to questions.
  • Ability to effectively contribute to and lead/facilitate working groups and town halls.
  • Project management experience, the ability to plan, manage and maintain a complex, organization wide program over the longer term.
  • Display practical knowledge of different message distribution techniques to ensure end user communities understand and continually apply the required behavioral change necessary to reduce the 'human factors' risk.
  • Desire to learn and integrate new capabilities in digital technology, such as audio, video, social media, online communities, blogs, and other web-based technologies.
  • Creative thinking and understanding of audience to produce engaging materials in a variety of formats and media, including storyboards, user guides, and gamification elements
  • Able to define achievable, observable, and measurable learning objectives (skills) into training programs
  • Customer-oriented with excellent issue follow-through and resolution abilities.
  • Understanding of the concepts of information risks and the different elements that make up risk. In addition, have at a minimum a basic understanding of the different concepts of information security.

Desired Skills/Certifications:

  • Experience with NIST SP800-50 publication guidance for security awareness programs.
  • Experience establishing and running a security assessment programs.
  • Experience with project management and/or PMP or relevant industry project management certifications
  • Other relevant industry certifications.

Min. Citizenship Status Required: U.S Citizenship.

Physical Requirement(s): None.

Location: Remote work allowed, but local candidates only. Position requires travel and coordination of local program activities.

Working at DMI

DMI is a diverse, prosperous and rewarding place to work. Being part of the DMI family means we care about your wellbeing. As such, we offer a variety of perks and benefits that help meet various interests and needs, while still having the opportunity to work directly with a number of our award winning, Fortune 1000 clients. The following categories make up your DMI wellbeing:
  • Community - Blood drives, volunteering opportunities, Holiday parties, summer picnics, Tech Chef, Octoberfest just to name a few ways DMI comes together as a community.
  • Convenience/Concierge - Virtual visits through health insurance, pet insurance, commuter benefits, discount tickets for movies, travel and many other items to provide convenience.
  • Development - Annual performance management, continuing education and tuition assistance, internal job opportunities along with career enrichment and advancement to help each employee with their professional and personal development.
  • Financial - Generous 401k match for both pre-tax and post-tax (ROTH) contributions along with financial wellness education, EAP, Life Insurance and Disability help provide financial stability for each DMI employee.
  • Recognition - Great achievements do not go unnoticed by DMI through Annual Awards ceremony, service anniversaries, peer-to-peer acknowledgement through Give-A-Wow, employee referral bonuses.
  • Wellness - Healthcare benefits, Wellness programs, Flu Shots, Biometric screenings, on-site lactation rooms provide employees with several wellness options.
Employees are valued for their talents and contributions. We all take pride in helping our customers achieve their goals, which in turn contributes to the overall success of the company.

The company does and will take affirmative action to employ and advance in employment individuals with disabilities and protected veterans, and to treat qualified individuals without discrimination on the basis of their physical or mental disability or veteran status. DMI is an Equal Opportunity Employer Minority/Female/Veterans/Disability. DMI maintains a drug-free workplace.

No Agencies Please

Applicants selected may be subject to a government security investigation and must meet eligibility requirements for access to classified information. US citizenship may be required for some positions.

#LI-CA1

  • ID: #43675177
  • State: Maryland Baltimore 21201 Baltimore USA
  • City: Baltimore
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2022-06-29
  • Deadline: 2022-08-27
  • Category: Et cetera