Manager, Security Awareness and Education
Apply locations Four Seasons Corporate Office Toronto time type Full time posted on Posted 2 Days Ago time left to apply End Date: January 19, 2025 (29 days left to apply) job requisition id REQ10333839
About Four Seasons:
Four Seasons is powered by our people. We are a collective of individuals who crave to become better, to push ourselves to new heights and to treat each other as we wish to be treated in return. Our team members around the world create amazing experiences for our guests, residents, and partners through a commitment to luxury with genuine heart. We know that the best way to enable our people to deliver these exceptional guest experiences is through a world-class employee experience and company culture.
At Four Seasons, we believe in recognizing a familiar face, welcoming a new one and treating everyone we meet the way we would want to be treated ourselves. Whether you work with us, stay with us, live with us or discover with us, we believe our purpose is to create impressions that will stay with you for a lifetime. It comes from our belief that life is richer when we truly connect to the people and the world around us.
About the location:
Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to Four Seasons employee experience and social impact programming is the company’s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do.
*This is a 12 Month Contract*
The IT Security Awareness Manager will lead the development, delivery, and maintenance of Four Seasons’ enterprise IT Security Awareness program. Our Security Awareness leader will need to be a creative and collaborative communicator with the skills to captively engage a user community over a variety of mediums and channels.
This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to the Senior Director, Global IT Security. This role involves interactions with primarily internal stakeholders at various levels.
What You’ll Be Doing
Security Awareness:
- Through security awareness, deliver an overall improvement in our security posture. This is achieved by educating employees on how to identify and respond to security threats, reducing the risk of security incidents, and promoting a culture of security throughout the organization.
- Effectively collaborate with different internal teams to ensure a comprehensive and cohesive security awareness program.
- Develop and implement policies and procedures related to security awareness.
- Design and manage security awareness products and tools, including learning courses (online & offline), phishing simulations, and all other materials.
- Share responsibility in improving the maturity of the Information Security Awareness program through the development of materials, reporting metrics, and thorough reporting.
- Assess training needs for the users of security tools and services.
- Committed to staying up to date with the latest security trends, technologies, and best practices. This includes pursuing relevant certifications, attending industry events, and networking with other professionals in the field.
Who You Are
- You are detail-oriented, highly organized, and effective at prioritization and time management.
- A strong focus on delivering stakeholder satisfaction and results by anticipating and meeting stakeholder needs, expectations, and requirements.
- Creative mindset ready to provide fresh ideas on developing engaging and innovative security awareness materials.
- Demonstrates integrity and ethical behaviour in accordance with the company's values and expectations.
- Collaborative attitude is must-have. Candidate will be required to work with the Four Seasons People and Culture team to ensure Security Awareness and Education is delivered in a manner consistent with other education.
- Ability to positively influence colleagues into adopting conscious security choices in their daily work.
- Ability to adapt to changing security landscapes and adjust the awareness program accordingly. As we operate globally, the program will need to be adapted to different geographies as behaviors differ from region to region.
- A comprehensive understanding of cybersecurity principles, concepts, and technologies. This includes knowledge of common threats, vulnerabilities, and attack vectors.
- Familiarity with various security tools and technologies such as firewalls, intrusion detection systems, endpoint protection, and data encryption technologies is essential.
- Familiarity with a variety of the information security, networking, and governance concepts, practices, and procedures.
- Knowledge of industry standards such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls is critical to ensure that the security program is aligned with best practices.
- Strong knowledge of incident response processes and procedures.
- Ability to clearly communicate with technical and non-technical stakeholders is essential.
- Thorough understanding of regulatory and compliance requirements, such as PCI-DSS, GDPR, CCPA, etc.
- Understanding of information security principles, including confidentiality, integrity, and availability, and familiarity with cybersecurity frameworks such as NIST Cybersecurity Framework.
- The need to be empathetic to the challenges faced by employees in their daily work. Must be able to consider and take their perspectives to further strengthen the Security Awareness program.
- The ability to stay abreast of industry best practices and emerging trends in Security Awareness and Education, and continuously update knowledge and skills.
- Develop, implement, and manage Security Awareness policies and procedures.
- Measure effectiveness of awareness tools, such as Phishing Reporter, Phishing Simulations, and other awareness materials.
- Develop messages and presentations for leadership teams to communicate the roadmap of the Security Awareness Program. Empower leaders to spread IT security awareness with relevant and compelling information.
- Ensure annually required Security Awareness Training is completed by colleagues to ensure compliance with internal policies and regulatory requirements.
- Manage third-party vendor relationships and ensure that vendors comply with the organization's policies and procedures.
- Develop and deliver internal table-top scenarios and education programs for internal IT Teams.
- Use awareness and training data to measure and report on the effectiveness of the Security Awareness Program. Identify metrics that align with the NIST CSF.
What You Bring
- Bachelor’s degree or equivalent business qualifications.
- 4+ years of experience in building, running and/or supporting comprehensive training and awareness programs.
- Strong understanding of security best practices including NIST CSF, PCI DSS, and other leading control frameworks.
- Experience developing and implementing IT Security Awareness policies and procedures.
- Ability to work collaboratively with internal stakeholders across the organization.
- Excellent communication skills, both verbal and written.
- Strong analytical skills and attention to detail.
- Strong understanding of network, application, and other technical security controls.
- Ability to manage multiple projects and priorities simultaneously.
- Certified Security Awareness Practitioner (CSAP) and/or SANS Security Awareness Professional (SSAP).
- Professional certification such as CISSP or CISM is a plus.
- Information Security Certification or Accreditation an asset.
This role will be a Hybrid working model, which will require 3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario #LI-Hybrid
Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.