Security Specialist (GRC & Awareness)
Focus Financial Partners · St Louis, MO · 1 wk ago
Information Technology$140k–$160k/yrFull-time
About the role
This Security Specialist role will serve as a lead for cybersecurity awareness & training program responsible for the execution and continuous improvement of the firm’s cybersecurity awareness and training program across all Focus firms.
Responsibilities
- Execute the firm-wide cybersecurity awareness and training program across all Focus firms.
- Deliver mandatory annual security training, role-based training, and targeted campaigns addressing key cyber risks (e.g., phishing, social engineering, data protection).
- Manage and execute phishing simulation programs, including campaign design, delivery, analysis, and follow-up education.
- Cook up training rollouts, schedules, and communications to ensure consistent adoption across diverse business units.
- Develop, maintain, and refresh cybersecurity training content to ensure relevance, clarity, and engagement.
- Tailor training materials for different audiences, including employees, advisors, leadership, and specialized roles.
- Incorporate lessons learned from incidents, phishing results, regulatory feedback, and emerging threat trends into training content.
- Work closely with Legal, Privacy, and Regulatory Compliance teams to ensure training content aligns with applicable laws, regulations, and contractual obligations.
- Support regulatory examinations, audits, and client due diligence efforts by providing training materials, metrics, and evidence.
- Define and track key training and awareness metrics (e.g., completion rates, phishing susceptibility, behavioral improvements).
- Analyze trends and results to identify risk areas and inform targeted training initiatives.
- Partner closely with Cybersecurity Risk, Engineering, and Operations teams to align training with real-world threats and controls.
- Coordinate with HR and Communications teams to support onboarding, policy acknowledgment, and change-management initiatives.
- Provide regular reporting and insights to the Head of Cybersecurity Governance and other stakeholders.
Qualifications & Experience
- 5–8+ years of experience in cybersecurity awareness, training, GRC, or related security roles.
- Hands-on experience delivering cybersecurity training programs in a regulated or complex environment.
- Strong understanding of common cybersecurity risks, user behavior factors, and awareness best practices.
- Experience partnering with Legal, Privacy, and Compliance teams on regulatory or audit-driven initiatives.
- Excellent communication and content-development skills, with the ability to explain security concepts to non-technical audiences.
- Highly organized and self-directed, with the ability to manage multiple initiatives across a distributed organization.
Preferred Qualifications
- Experience in financial services or similarly regulated industries.
- Familiarity with cybersecurity frameworks and regulatory requirements (e.g., NIST CSF, NYDFS, GLBA).
- Experience with phishing simulation and training platforms.
- Professional certifications such as CISSP, CISM, Security+, or relevant security awareness credentials.