Role Overview
Thisย Securityย Specialist role will serve as a lead for cybersecurity awareness & training program responsible for the execution and continuous improvement of the firm's cybersecurity awareness and training program across all Focus firms. This role serves as the primary owner for delivering engaging, effective, and riskbased cybersecurity training to employees at all levels of the organization.
Reporting to the Head of Cybersecurity Governance, this individualcontributor role works in close partnership with Legal, Privacy, Regulatory Compliance, HR, IT, andย Securityย teams to ensure training content aligns with regulatory requirements, internal policies, and evolving cyber threats. The role plays a critical part in strengthening the firm'sย securityย culture and reducing humandriven cyber risk.
This role is hybrid with 3 days per week onsite in our St. Louis office
Key Responsibilities
Cybersecurity Awareness & Training Program Delivery
- Execute the firmwide cybersecurity awareness and training program across all Focus firms.
- Deliver mandatory annualย securityย training, rolebased training, and targeted campaigns addressing key cyber risks (e.g., phishing, social engineering, data protection).
- Manage and execute phishing simulation programs, including campaign design, delivery, analysis, and followup education.
- Coordinate training rollouts, schedules, and communications to ensure consistent adoption across diverse business units.
Content Development & Continuous Improvement
- Develop, maintain, and refresh cybersecurity training content to ensure relevance, clarity, and engagement.
- Tailor training materials for different audiences, including employees, advisors, leadership, and specialized roles.
- Incorporate lessons learned from incidents, phishing results, regulatory feedback, and emerging threat trends into training content.
- Balance regulatory requirements with practical, userfriendly messaging that supports business productivity.
Regulatory, Legal & Compliance Partnership
- Work closely with Legal, Privacy, and Regulatory Compliance teams to ensure training content aligns with applicable laws, regulations, and contractual obligations.
- Support regulatory examinations, audits, and client due diligence efforts by providing training materials, metrics, and evidence.
- Maintain documentation demonstrating compliance with cybersecurity training and awareness requirements.
- Monitor regulatory expectations related toย securityย awareness and adjust training accordingly.
Measurement, Reporting & Risk Reduction
- Define and track key training and awareness metrics (e.g., completion rates, phishing susceptibility, behavioral improvements).
- Analyze trends and results to identify risk areas and inform targeted training initiatives.
- Provide regular reporting and insights to the Head of Cybersecurity Governance and other stakeholders.
- Demonstrate the effectiveness of training programs in reducing humandriven cyber risk.
CrossFunctional Collaboration
- Partner closely with Cybersecurity Risk, Engineering, and Operations teams to align training with realworld threats and controls.
- Coordinate with HR and Communications teams to support onboarding, policy acknowledgment, and changemanagement initiatives.
- Serve as a trusted advisor to business teams onย securityย awareness best practices.
Qualifications & Experience
- 5-8+ years of experience in cybersecurity awareness, training, GRC, or relatedย securityย roles.
- Handson experience delivering cybersecurity training programs in a regulated or complex environment.
- Strong understanding of common cybersecurity risks, user behavior factors, and awareness best practices.
- Experience partnering with Legal, Privacy, and Compliance teams on regulatory or auditdriven initiatives.
- Excellent communication and contentdevelopment skills, with the ability to explainย securityย concepts to nontechnical audiences.
- Highly organized and selfdirected, with the ability to manage multiple initiatives across a distributed organization.
Preferred Qualifications
- Experience in financial services or similarly regulated industries.
- Familiarity with cybersecurity frameworks and regulatory requirements (e.g., NIST CSF, NYDFS, GLBA).
- Experience with phishing simulation and training platforms.
- Professional certifications such as CISSP, CISM,ย Security+, or relevantย securityย awareness credentials
#LI-KJ2
This position is an exempt position. The annualized base pay range for this role is expected to be between $140,000-$160,000 base salary compensation range. Actual base pay may vary based on factors including, but not limited to, experience, subject matter expertise, geographic location where work will be performed, and the applicant's skill set. The base pay is just one component of the total compensation package. Other rewards may include an annual cash bonus and a comprehensive benefits package, including but not limited to medical, dental, vision, life insurance, and 401(k). Please note that the job title is subject to change based on the selected candidate's experience and education.