Group Specialist: Cyber Security Awareness at The Coca-Cola Company

Key Duties & Responsibilities    

• Contributing to a sustainable, long-term, cybersecurity strategy and objectives for information security training, education, and awareness programmes that achieve cultural change.
• Understanding the current culture and contributing to efforts to drive a culture of greater security consciousness.
• Contributing to the maintenance of the long-term strategy while addressing current risks.
• Serving as an internal consultant and advisor on matters relating to cyber security awareness and organisational culture.
• Contributing to the definition of processes, tools, and methodologies to ensure the continuous best practice delivery of security awareness programmes.
• Identifying and analysing the top human risks to digital security in the organisation.
• Identifying required behaviours to mitigate risks to organisational security.
• Defining achievable, observable, and measurable learning objectives (skills) for all training programs.
• Designing change pre-programmes such as marketing, training and online education programmes to mitigate the risks.
• Creating a metrics framework that can effectively measure engagement, behaviours, and impact.
• Developing new, or identifying and sourcing existing information security training, education, and awareness activities appropriate for CCBA.
• Developing information security awareness programmes that effectively motivate the desired behaviours so that employees handle data and systems in a secure manner.
• Incorporating adult learning methodologies into the design and the delivery of content.
• Applying instructional design best practices into the development of courses and curricula.
• Collaborating with information security technical colleagues to augment or further develop information security training, education, and awareness activities appropriate for campus audiences.
• Accommodating multiple learning styles into course design.
• Facilitating successful social learning experiences in online settings.
• Preparing and delivering information security training, education, and awareness activities.
• Continuously adapting and updating programmes to incorporate and address emerging technologies and risks.
• Tailoring information security training, education, and awareness programs to reduce institutional risk related to lack of training.
• Evaluating the effectiveness of existing information security training, education, and awareness program/activities.
• Taking a holistic approach to the information security awareness by using alternative mediums such as the CCBA intranet, blogs, internal publications and other printed materials that complement each other and build upon previously covered concepts.
• Organising security testing and simulation exercises and mapping the finding to risks that can be tracked in the published risk register.
• Working with external vendors and agency partners as needed to establish quotes, production schedules, delivery, and implementation of materials.
• Ensuring that all security awareness programmes meet industry regulations, standards and compliance requirements.
• Conducting security awareness committee meetings with representative stakeholders.
• Ensuring that information security awareness program communicates security policies and requirements so that people know, understand, and can follow them.
• Promoting awareness of information security policies through the creation and maintenance of an online presence that is intuitive to use, provides engaging activities to reinforce behaviours, and serves as a central repository for security guidance and references.
• Tailoring information security training, education, and awareness programs to policy and compliance objective.
• Creating policy and process documentation related to information security training, education, and awareness programs as needed.
• Ensuring users understand and periodically accept the user policies as required
• Planning milestones for deliverables and deployment and creating a plan that visualise the timeline.
• Tracking progress against milestone dates and reporting on progress.
• Managing deviations and escalating roadblocks.
• Managing project resources assigned to the project plan.
• Liaising with vendors and partners providing cyber security solutions.
• Regularly meeting with IT colleagues to identify, agree and prioritise IT Security priorities.
• Regularly meeting with the IT Cyber Security team members and his/her manager to report progress, raise issues and brainstorm solutions.

Skills, Experience & Education    
Qualifications:

• Matric / Grade 12)
• Diploma or degree in Information Technology or Industrial Psychology advantageous
• Certifications – Six or more (+ ITIL) of the following certifications is required: 
• Systems Security Certified Practitioner (SSCP)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Security Auditor (CISA)
• CompTIA Security+ Certification
• ITIL Foundation
• Incumbents need to have specific knowledge of:
• Cybersecurity
• Online Learning Development
• Instructional Design

Experience:

• 6 to 8 years general work experience with at least 4 years relevant experience within IT / Cybersecurity / Risk management.
• Training Plans and material development
• Campaign design
• Cyber Security / IT Operations

Closing Date: 19th, June 2022