Associate Principal - Security Awareness Analyst
Who We Are
The Options Clearing Corporation (OCC) is the world's largest equity derivatives clearing organization. Founded in 1973, OCC is dedicated to promoting stability and market integrity by delivering clearing and settlement services for options, futures and securities lending transactions. As a Systemically Important Financial Market Utility (SIFMU), OCC operates under the jurisdiction of the U.S. Securities and Exchange Commission (SEC), the U.S. Commodity Futures Trading Commission (CFTC), and the Board of Governors of the Federal Reserve System. OCC has more than 100 clearing members and provides central counterparty (CCP) clearing and settlement services to 19 exchanges and trading platforms. More information about OCC is available at www.theocc.com.
What We Offer
A highly collaborative and supportive environment developed to encourage work-life balance and employee wellness. Some of these components include:
A hybrid work environment, up to 3 days per week of remote work
Tuition Reimbursement to support your continued education
Student Loan Repayment Assistance
Technology Stipend allowing you to use the device of your choice to connect to our network while working remotely
Generous PTO and Parental leave
Competitive health benefits including medical, dental and vision
What You'll Do:
The Associate Principal - Security Awareness Analyst works closely with other members of the Security Services, Organizational Development, Corporate Communications, and Information Technology departments on Security Awareness and Training initiatives, projects, content creation, and operations. The Security Awareness Analyst is an experienced liaison, trainer, and content creator. They operate with a minimum of supervision from the Group lead. This person also consults on issues regarding translation of current and future security operations into content and outreach that influences positive behavioral change in OCC Information System users as part of an integrated human risk management program.
Primary Duties and Responsibilities:
To perform this job successfully, an individual must be able to perform each primary duty satisfactorily.
Apply understanding of human nature, social science, cybersecurity fundamentals, and organizational culture to identify areas where corrective action may need to be taken to pre-empt developing threats and/or mitigate existing threats rooted in human risk management
Support Computer-Based Training (CBT) content administration and reporting on OCC’s Learning Management System (LMS, a.k.a. “Workday Learning”)
Track training assignments, temporary exemptions, warning notices, and user access suspensions for multiple simultaneous training products
Support the development, optimization, and delivery of Security Awareness training products in the form of Computer-Based Training modules and live, instructor-led presentations
Present New Hire Orientation briefings on Security Awareness on-boarding activities for new full-time employees
Write original articles and edit draft articles for publication on the company intranet, on OCC’s Slack channels, and for special outreach channels
Develop bespoke passive awareness content (e.g., desk cards, posters, fliers, etc.) for deployment at OCC facilities
Support the Clean Desk Inspection process, including coordinating the inspection of staff, compiling and submitting inspection reports, and administering remedial training
Support the Phishing Awareness Program by designing, launching, and assessing simulated attacks on the user population
Develop bespoke Role-Based Training modules and remedial training content (e.g., CBTs, live presentations, recorded messages, et al) optimized for user requirements
Support collection and reporting of Security Awareness Program metrics
Support the OCC Management Control Self-Testing program by gathering evidence to support monthly, quarterly, and on-demand data calls
Support importation and customization of commercial/third party off-the-shelf Security training content into OCC’s training products
Create interoperability protocols and relationships with supporting agencies (e.g., Cyber Operations, Threat Operations, et al) for the Group’s situational awareness
Act as a Group liaison between Security Department, Corporate Communications, Organizational Development, Compliance, and Internal Audit
Support the frequent modification of program doctrinal products (e.g., policies, procedures) and change process steps accordingly
Explain group process steps and evidentiary materials to auditors, inspectors, regulators, reviewers, stakeholders, and third parties
Convert mock-up and design materials for live training courses into functional CBT modules using Articulate 360 Storyline
Support the administration of the cybersecurity workforce program, including planning and tracking group and individual training requirements
Supervisory Responsibilities:
- None
Qualifications:
The requirements listed are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the primary functions.
Highly motivated individual who assumes ownership of their assignments
Inquisitive nature regarding the cybersecurity field
Strong desire to learn new practical skills and academic concepts
Exceptional verbal communication skills that include the ability to articulate ideas clearly and concisely
Excellent listening, interviewing, and observation skills
Ability to facilitate and document meetings and conversations
Write with precision and accuracy at multiple levels of technical sophistication (e.g., for non-technical and highly technical audiences)
Highly collaborative; comfortable sharing ideas and asking questions with all levels of staff
Ethic to work independently on multiple projects without missing deadlines
Strong attention to detail
Learn new technologies quickly and thoroughly
Recognize, de-construct, and explain disinformation, fake news, phishing lures, and social engineering attacks
Adapt to changing business priorities
Technical Skills:
Intermediate business computer skills (e.g., Microsoft Office 365 applications, including Microsoft Visio)
Exposure to Adobe Creative Suite applications and their interfaces (e.g., Photoshop, Illustrator, et al)
Exposure to audio editing software tools and audio post-processing concepts (e.g., Audacity, Logic Pro, et al)
Ability to learn and use CBT creation tools (e.g., Articulate 360 Storyline, Adobe Captivate, et al)
Ability to learn and use Phishing Simulation and Triage tools (e.g., Cofense PhishMe, KnowBe4 PhishER, et al)
Basic knowledge of adult learning theory and techniques
Basic knowledge of social science (e.g., sociology, anthropology, criminology, psychology, et al)
Experience with Computer-Based Training delivery and with Learning Management Systems in general
Basic understanding of cyber security concepts and practices
Strong understanding of deception-based attacks (e.g., phishing, social engineering, fraud, etc.)
Basic understanding of information-related frameworks and standards (e.g., COBIT, NIST 800-53, NIST CSF, et al)
Experience in working with regulatory frameworks and requirements relevant to OCC (e.g., RegSCI, et al)
Basic understanding of security workforce frameworks and professional education (e.g., NIST NICE CWF, et al)
Education and/or Experience:
Bachelor’s degree or the equivalent combination of education and/or relevant experience
Knowledge of cyber security concepts, practices, and standards
5+ Years previous work in training and content development applicable to the position requirements
Certificates or Licenses:
SANS Security Awareness Practitioner (SSAP) credential or equivalent preferred (but not required)