Who We Are

The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.

What We Offer

A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:

A hybrid work environment, up to 3 days per week of remote work

Tuition Reimbursement to support your continued education

Student Loan Repayment Assistance

Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely

Generous PTO and Parental leave

Competitive health benefits including medical, dental and vision

What You'll Do:

The Associate Principal - Security Awareness Analyst works closely with other members of the Security Services, Organizational Development, Corporate Communications, and Information Technology departments on Security Awareness and Training initiatives, projects, content creation, and operations. The Security Awareness Analyst is an experienced liaison, trainer, and content creator. They operate with a minimum of supervision from the Group lead. This person also consults on issues regarding translation of current and future security operations into content and outreach that influences positive behaviorial change in OCC Information System users as part of an integrated human risk management program.

Primary Duties and Responsibilities:

To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.

• Apply understanding of human nature, social science, cybersecurity fundamentals, and organizational culture to identify areas where corrective action may need to be taken to pre-empt developing threats and/or mitigate existing threats rooted in human risk management

• Support Computer-Based Training (CBT) content administration and reporting on OCC’s Learning Management System (LMS, a.k.a. “Workday Learning”)

• Track training assignments, temporary exemptions, warning notices, and user access suspensions for multiple simultaneous training products

• Support the development, optimization, and delivery of Security Awareness training products in the form of Computer-Based Training modules and live, instructor-led presentations

• Present New Hire Orientation briefings on Security Awareness on-boarding activities for new full-time employees

• Write original articles and edit draft articles for publication on the company intranet, on OCC’s Slack channels, and for special outreach channels

• Develop bespoke passive awareness content (e.g., desk cards, posters, fliers, etc.) for deployment at OCC facilities

• Support the Clean Desk Inspection process, including coordinating the inspection of staff, compiling and submitting inspection reports, and administering remedial training

• Support the Phishing Awareness Program by designing, launching, and assessing simulated attacks on the user population

• Develop bespoke Role-Based Training modules and remedial training content (e.g., CBTs, live presentations, recorded messages, et al) optimized for user requirements

• Support collection and reporting of Security Awareness Program metrics

• Support the OCC Management Control Self-Testing program by gathering evidence to support monthly, quarterly, and on-demand data calls

• Support importation and customization of commercial/third party off-the-shelf Security training content into OCC’s training products

• Create interoperability protocols and relationships with supporting agencies (e.g., Cyber Operations, Threat Operations, et al) for the Group’s situational awareness

• Act as a Group liaison between Security Department, Corporate Communications, Organizational Development, Compliance, and Internal Audit

• Support the frequent modification of program doctrinal products (e.g., policies, procedures) and change process steps accordingly

• Explain group process steps and evidentiary materials to auditors, inspectors, regulators, reviewers, stakeholders, and third parties

• Convert mock-up and design materials for live training courses into functional CBT modules using Articulate 360 Storyline

• Support the administration of the cybersecurity workforce program, including planning and tracking group and individual training requirements

Supervisory Responsibilities:

• None

Qualifications:

The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.

• Highly motivated individual that assumes ownership of their assignments

• Inquisitive nature, regarding the cybersecurity field

• Strong desire to learn new practical skills and academic concepts

• Exceptional verbal communication skills that include the ability to articulate ideas clearly and concisely

• Excellent listening, interviewing, and observation skills

• Ability to facilitate and document meetings and conversations

• Write with precision and accuracy at multiple levels of technical sophistication (e.g., for non-technical and highly technical audiences)

• Highly collaborative; comfortable sharing ideas and asking questions with all levels of staff

• Ethic to work independently on multiple projects without missing deadlines

• Strong attention to detail

• Learn new technologies quickly and thoroughly

• Recognize, de-construct, and explain disinformation, fake news, phishing lures, and social engineering attacks

• Adapt to changing business priorities

Technical Skills:

• Intermediate business computer skills (e.g., Microsoft Office 365 applications, including Microsoft Visio)

• Exposure to Adobe Creative Suite applications and their interfaces (e.g., Photoshop, Illustrator, et al)

• Exposure to audio editing software tools and audio post-processing concepts (e.g., Audacity, Logic Pro, et al)

• Ability to learn and use CBT creation tools (e.g., Articulate 360 Storyline, Adobe Captivate, et al)

• Ability to learn and use Phishing Simulation and Triage tools (e.g., Cofense PhishMe, KnowBe4 PhishER, et al)

• Basic knowledge of adult learning theory and techniques

• Basic knowledge of social science (e.g., sociology, anthropology, criminology, psychology, et al)

• Experience with Computer-Based Training delivery and with Learning Management Systems in general

• Basic understanding of cyber security concepts and practices

• Strong understanding of deception-based attacks (e.g., phishing, social engineering, fraud, etc.)

• Basic understanding of information related frameworks and standards such (e.g., COBIT, NIST 800-53, NIST CSF, et al)

• Experience in working with regulatory frameworks and requirements relevant to OCC (e.g., RegSCI, et al)

• Basic understanding of security workforce frameworks and professional education (e.g., NIST NICE CWF, et al)

Education and/or Experience:

• Bachelor’s degree or the equivalent combination of education and/or relevant experience

• Knowledge of cyber security concepts, practices, and standards

• 5+ Years previous work in training and content development applicable to the position requirements

Certificates or Licenses:

• SANS Security Awareness Practioner (SSAP) credential or equivalent preferred (but not required)