Ryder System Information Security Policy & Awareness Analyst - REMOTE in Richmond, Virginia
You are the driving force behind our company.
Start your career with Ryder today!
The Information Security Policy & Awareness Analyst is responsible for the development, review, implementation, and maintenance of the organization's information security awareness program to raise the general level of awareness of information security and to influence safety attitudes and behaviors across the employee population. The Analyst's role lies within the Enterprise Information Security function, reporting to the Manager of IT Governance, Risk, and Compliance. The Analyst is also closely aligned with other corporate functions such as Human Resources, Risk Management, Compliance and Information Technology, and may involve liaison with or management of third party suppliers of awareness and training materials and services. The Analyst is expected to develop and deliver awareness and training materials in person, hands-on, as well as through learning management systems and security awareness ambassadors within the organization.
Identify top human risks to the organization and the behaviors that must change to mitigate those risks. Develop, review, implement, and maintain security awareness training programs to mitigate human risks. Ensure security awareness programs meet all industry regulations, standards, and compliance requirements and that employees and third parties understand, acknowledge, and fulfill all applicable enterprise information security policies.
Develop new, or update existing, Information Security policies, standards and procedures to be reviewed by management. Coordinate reviews with other teams. Ensure employees and third parties understand, acknowledge, and fulfill all applicable information security policies. Ensure policies and supporting documents are reviewed annually and as needed.
Create a metrics framework that effectively measures compliance with information security policies, addresses responsible use of technology resources, and outlines sanctions for noncompliance with policies, procedures, and standards. Measure the impact of training campaigns in promoting awareness and behavior change.
Develop, plan, coordinate and deliver engaging on-ground security awareness fairs and outreach sessions at various company locations, including international, on a regular basis throughout the year. Work with multiple company stakeholders to develop “security ambassadors” or “security advisers” at various business locations.
Liaise with security awareness vendors to explore educational videos, newsletters and other materials.
Review alerts published by the FBI, US-CERT and other organizations to keep up-to-date on threat awareness posture.
Performs other duties as assigned.
Provide assistance with other information security, risk and compliance projects and initiatives as assigned.
Participate, as time allows, in organizations such as SANS global community to learn and share security awareness training ideas from other organizations and/or agencies.
Assist with testing and implementation of the training in multiple languages for domestic and international business operations.
Bachelor's degree in Education, Communications, Business, Information Security.
Master's degree in Education, Communications, Business, Information Security preferred.
- Three (3) years or more experience with social engineering/user awareness education services: KnowBe4, PhishMe/Cofense, ThreatSim and/or SANS Securing the Human Program.
Strong verbal communication and listening skills. A natural teacher, good at putting points across engagingly and enthusiastically and inspiring students to take an interest in information security.
Ability to influence internal and/or external constituents. An ability to effectively influence others to modify their opinions, plans, or behaviors.
Exposure to and familiarity with relevant standards such as ISO/IEC 27001 and 27002, NIST 800, and COBIT, and applicable laws related to information security and privacy (e.g., GDPR, PCI-DSS, SOX, HIPAA); intermediate level; preferred.
Demonstrable experience as a teacher or trainer responsible for awareness and training activities, ideally on information security, otherwise similar technical training or adult education; beginner level; preferred.
- Other Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), or Certified Information Privacy Professional (CIPP) (Upon Hire, preferred).
0 - 5 %
Job Category: Information Security
Ryder is proud to be an Equal Opportunity Employer and Drug Free workplace. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.