Ryder System Information Security Policy and Awareness Analyst in MIAMI, Florida

Position Description

The Information Security Policy and Awareness Analyst is responsible for the development, review, implementation, and maintenance of the organization's information security awareness program to raise the general level of awareness of information security and to influence safety attitudes and behaviors across the employee population. The Analyst's role lies within the Enterprise Information Security function, reporting to the Manager of IT Governance, Risk, and Compliance. The Analyst is also closely aligned with other corporate functions such as Human Resources, Risk Management, Compliance and Information Technology, and may involve liaison with or management of third party suppliers of awareness and training materials and services. The Analyst is expected to develop and deliver awareness and training materials in person, hands-on, as well as through learning management systems and security awareness ambassadors within the organization.

Requirements

  • Bachelor's degree in Communications, Business, or Information Security

  • Master's degree in Communications, Business, or Information Security preferred

  • Three years or more experience with social engineering/user awareness education services: KnowBe4, PhishMe/Cofense, ThreatSim and/or SANS Securing the Human Program

  • Strong verbal communication and listening skills. A natural teacher, good at putting points across engagingly and enthusiastically and inspiring students to take an interest in information security

  • Ability to influence internal and/or external constituents and others to modify their opinions, plans, or behaviors

  • Exposure to and familiarity with relevant standards such as ISO/IEC 27001 and 27002, NIST 800, and COBIT, and applicable laws related to information security and privacy (e.g., GDPR, PCI-DSS, SOX, HIPAA) (intermediate level) preferred

  • Demonstrable experience as a teacher or trainer responsible for awareness and training activities – ideally on information security otherwise similar technical training or adult education (beginner level) preferred

  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Privacy Professional (CIPP)

Responsibilities

  • Identify top human risks to the organization and the behaviors that must change to mitigate those risks. Develop, review, implement, and maintain a security awareness training programs to mitigate human risks. Ensure security awareness programs meet all industry regulations, standards, and compliance requirements and that employees and third parties understand, acknowledge, and fulfill all applicable enterprise information security policies

  • Develop new, or update existing, Information Security policies, standards and procedures to be reviewed by management. Coordinate reviews with other teams. Ensure employees and third parties understand, acknowledge, and fulfill all applicable information security policies. Ensure policies and supporting documents are reviewed annually and as needed

  • Create a metrics framework that effectively measures compliance with information security policies and addresses responsible use of technology resources and outlines sanctions for non compliance with policies procedures and standards. Measures the impact of training campaigns in promoting awareness and behavior change

  • Develop, plan, coordinate and deliver engaging on-ground security awareness fairs and outreach sessions at various company locations, including international, on a regular basis throughout the year. Work with multiple company stakeholders to develop “security ambassadors” or “security advisers” at various business locations

  • Liaise with security awareness vendors to explore educational videos, newsletters and other materials

  • Review alerts published by FBI, US-Cert and other organizations to keep up-to-date on threat awareness posture

  • Provide assistance with other information security, risk and compliance projects and initiatives as assigned

  • Participate, as time allows, in organizations such as SANS global community to learn and share security awareness training ideas from other organizations and/or agencies

  • Assist with testing and implementation of the training in multiple languages for domestic and international business operations

  • Performs other duties as assigned

Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.

Requisition ID 2018-63480

Category Information Technology

Employment Type Regular - Full Time (4)

Travel Requirements 10-20%

Position Code 7888