Duties and Responsibilities:

• Reviews and develops a Statewide policy that establishes the requirements, scope, roles, responsibilities, and management commitment for security awareness and training, including privacy awareness of training ("training") that is congruent with State and Federal laws, executive orders, directives, regulations, policies, standards, and guidelines.
• Reviews, develops, plans, and coordinates the dissemination of pertinent awareness training materials that includes:
  • Initial awareness training for new employees
  • Monthly microlearning training based on current events, incident lessons learned, or the top human risks to the organization
  • Quarterly education and awareness briefings with stakeholders; d. Annual privacy training
  • Annual role-based training.
• Responsible for developing, planning, and coordinating the curriculum and resources supporting the annual security awareness summit held every October.
• Identifies key metrics to monitor for ensuring the effectiveness of the program and develops strategies to improve the metrics each performance period.
• Performs administrative duties in the security awareness training platform, including but not limited to, account provisioning/deprovisioning, report creation and delivery, campaign administration, and troubleshooting platform and user issues.
• Responsible for requirements development and the evaluation of new security awareness training platforms.
• Develops and monitors processes to ensure all appropriate employees are enrolled in the security awareness training platform and receives all mandatory and discretionary training.
• Develops and maintains awareness content for the Maryland.gov security awareness training webpage.

Minimum Qualifications:

• Minimum of 10 years' experience in the information technology field with a focus on security awareness, privacy, and/or cybersecurity
• At least five (5) years' experience designing and maturing a medium to large size organization's security awareness training program
• At least three (3) years' experience working with and/or administering the Proofpoint Security Awareness Training platform
• CISSP, CISM, CDPSE, CRISC, or CIPM certification
• Policy, process, and procedure development with the ability to translate information to respective documentation
• Ability to provide guidance and advice to management on cybersecurity education and awareness strategies
• Develop system related requirements for solicitations
• Managing or providing direct work products for security awareness training programs
• Ability to communicate and coordinate well with others, inclusive of good oral and written skills
• Ability to create executive level presentations and host virtual training sessions

Educational Requirement: Bachelor's degree from an accredited college or university with a major in Computer Science, Information Systems, Engineering, Business, or other related scientific or technical discipline