Information Security Awareness Program Specialist (Contract)
Overview
As a member of the Hexagon Corporate Information Security - Governance, Risk and Compliance (GRC) Team, you will report to Hexagon’s Director of Cyber Security - GRC. As an Information Security Awareness Program Specialist (Contract), you will work closely with Corporate Information Security team members and divisional cross-functional teams assisting in managing information security risks. Your role will be crucial in several areas such as policy management, administering, promoting, and enhancing our information security awareness program across the organisation while also ensuring Hexagon meets all applicable information security compliance standards and regulations.
The Location: Hexagon is a global company with offices located around the world. This position is based remotely in the UK, or Europe.
Responsibilities
Specific responsibilities of the Information Security Awareness Program Specialist (Contract) include, but are not limited to:
- Plan, organize, manage and evaluate the Hexagon Information Security Awareness Training Program used to educate personnel about potential threats and the importance of information security best practices.
- Reviewing, analysing, and communicating the status of reports/KPIs/metrics concerning the Hexagon Information Security Awareness Training Program.
- Manage relationships with security education and awareness related vendors.
- Assisting in defining, assessing, managing, and communicating Hexagon’s Information Security policies and procedures to ensure compliance with business goals, risk management objectives, and compliance requirements.
- Assisting in ensuring operational effectiveness by participating in regular external and internal audits.
- Communicating with technical and non-technical stakeholders on information security risk and controls management topics.
- Staying up to date on current cybersecurity threats, vulnerabilities, trends, best practices, and regulations.
- Other responsibilities as required.
Qualifications
Must-Have:
- Minimum three (3) years of experience in information security, with a focus on awareness, education, and its administration within a large organisation.
- Demonstrated experience in developing, managing, and communicating information security policies and procedures in a large organisation.
- Experience with running phishing campaigns.
- Excellent oral and written communication and interpersonal skills, ability to build relationships with technical and non-technical audiences.
- Strong understanding of information security principles, frameworks, and best practices.
- Good working knowledge of cybersecurity risk management and risk mitigation strategies.
- Attitude and aptitude to learn a new product area/domain quickly.
- English (fluent written and verbal) is a pre-requisite.
Nice-to-Have:
- Knowledge and experience of information security standards and compliance requirements such as ISO 27001, NIST, GDPR, CMMC, TISAX, etc.
- Evidence of ongoing professional education within related subject.
- One or more relevant certifications would be advantageous.
- Sustain effective engagement and take ownership, demonstrate a sense of urgency, and ensure accuracy and quality.
- Project management best practices & methodologies.
- Data querying and manipulation.
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
job faster
