Security Awareness Training Manager Jobs (NOW HIRING)

• Monitor, triage, and respond to security alerts across endpoint, email, and SIEM platforms
• Investigate security incidents impacting:
  • GMP systems and regulated environments
  • SOX in-scope systems (financial applications, identity systems, etc.
• Execute incident response procedures aligned with validated and auditable processes
• Maintain detailed, audit-ready documentation of all incidents and remediation actions

• Administer and implement CrowdStrike Falcon for endpoint detection and response (EDR)
• Manage Abnormal Security for phishing, business email compromise (BEC), and account takeover threats
• Perform vulnerability assessments using Rapid7 InsightVM
• Oversee KnowBe4 security awareness training and phishing simulations
• Coordinate with SIEM platforms for log analysis and threat correlation

• Support SOX ITGC control execution and evidence collection, including:
  • User Access Reviews (UARs)
  • Logical access controls (joiner/mover/leaver processes)
  • Change management controls
  • Logging and monitoring controls
• Prepare and maintain audit-ready documentation for SOX compliance testing
• Coordinate with Finance and IT teams on control execution and remediation

• Draft, review, and maintain information security policies, standards, and SOPs aligned with:
  • GxP requirements (GMP, GCP, GLP)
  • SOX IT General Controls
  • 21 CFR Part 11 (where applicable)
• NIST CSF, NIST 800-53, or CIS Controls
• Ensure all policies are version-controlled, formally approved, and audit-ready
• Partner with IT, Finance, QA, and Compliance to align controls across regulated and financial systems

• Support internal and external audits including SOX, FDA, SOC 2, and regulatory inspections
• Prepare control evidence and documentation packages
• Track audit findings and coordinate remediation activities
• Maintain relationships with internal audit and external assessors

• Conduct regular vulnerability scans across the environment
• Prioritize remediation based on:
  • Regulatory impact (GMP systems)
  • Financial/reporting risk (SOX systems)
  • Threat landscape and exploitability
• Coordinate remediation through appropriate change control processes
• Track and document remediation evidence for compliance reporting

• Administer security awareness training programs for all staff
• Deliver targeted training for users with access to:
  • Regulated systems
  • Financial/SOX in-scope systems
• Conduct phishing simulation campaigns and analyze results
• Track training metrics and maintain compliance records

• Develop and maintain security playbooks, SOPs, and runbooks
• Contribute to security metrics, KPIs, and executive reporting
• Identify gaps in controls, detection capabilities, and governance processes
• Recommend and implement security improvements aligned with business objectives

• Strong experience with Endpoint Detection & Response (EDR) platforms
  • CrowdStrike Falcon highly preferred, or equivalent (Carbon Black, SentinelOne, Microsoft Defender for Endpoint)
• Hands-on experience with vulnerability management tools
  • Rapid7 InsightVM preferred, or equivalent (Qualys, Tenable, Nexpose)
• Experience with email security platforms
  • Abnormal Security, Proofpoint, Mimecast, or similar
• Familiarity with security awareness platforms
  • KnowBe4 or equivalent
• Working knowledge of SIEM tools and log analysis (Splunk, Microsoft Sentinel, or similar)

Compliance & Governance

• Proven experience with SOX ITGC controls including:
  • User access reviews and recertifications
  • Logical access provisioning and deprovisioning
  • Change management oversight
  • Audit evidence collection
• Understanding of GMP (Good Manufacturing Practice) requirements and regulated system controls
• Experience supporting security and compliance audits
• Strong documentation and evidence management skills with an audit-ready mindset

Core Competencies

• Exceptional attention to detail and commitment to process adherence
• Analytical and investigative thinking for threat analysis
• Strong written and verbal communication skills
• Ability to translate technical security concepts for non-technical stakeholders
• Proven collaboration skills across IT, Finance, QA, and Compliance teams
• Self-motivated with ability to manage multiple priorities in a dynamic environment