Cybersecurity Culture and Awareness Analyst

This is an opportunity to join Ascot Group - one of the world’s preeminent specialty risk underwriting organizations.

Designed as a modern-era company operating through an ecosystem of interconnected global operating platforms, we’re bound by a common mission and purpose: One Ascot. Our greatest strength is a talented team who flourishes in a collaborative, inclusive, and entrepreneurial culture, steeped in underwriting excellence, integrity, and a passion to find a better way, The Ascot Way.

The Ascot Way guides our people and our organization. Our underwriting platforms collaborate to find creative ways to deploy our capital in a true cross-product and cross-platform approach. These platforms work as one, deploying our capital creatively through our unique Fusion Model: Client Centric, Risk Centric, Technology Centric.

Built to be resilient, Ascot maximizes client financial security while delivering bespoke products and world class service — both pre- and post-claims. Ascot exists to solve for our clients’ brightest tomorrow, through agility, collaboration, resilience, and discipline.

Job Summary:

The Cybersecurity Culture and Awareness Analyst will join Ascot’s Cybersecurity Governance, Risk & Compliance (GRC) function and will work on several activities across the GRC function, with a primary focus on promoting a strong Cybersecurity Awareness Culture throughout the organization. 

In this role, you will be responsible for designing, developing, and delivering effective Cybersecurity training programs for our employees. You will also develop, execute, and monitor methods to evaluate cybersecurity awareness of colleagues for continuous improvement purposes. Additionally, you will be responsible for creating and implementing effective communication strategies to keep company assets secure and employees informed, engaged and cyber-safe using various channels and formats. This is a global role with a unique opportunity to participate in activities across the GRC function and to interact with colleagues at all levels across the entire organization.  This role will be in the office with a hybrid work schedule. 

Responsibilities: 

• Cybersecurity Training:
  • Assess the learning needs of the different role and audience demographics, designing and customizing training materials tailored to those needs.
  • Liaise with subject matter experts to develop and deliver comprehensive training programs focused on diverse Cybersecurity topics. 
  • Evaluate the effectiveness of training programs through feedback and statistics.
  • Collaborate with IT, HR, Legal and Compliance teams to ensure training aligns with organizational policies and regulatory requirements (e.g., NY DFS, GDPR, NIST, ISO 27001).
• Awareness Communications:
  • Educate Users so that they are better prepared to understand, identify and respond to potential cyber threats via the following methods: Marketing Newsletter, Blog Posts, Cybersecurity Hub content, AI/Deepfake technology, Cyber Champions network and Roadshows.
  • Stay up to date with the latest trends, technologies, and threats in the Cybersecurity landscape to ensure training materials stay current and relevant.
  • Create customized and engaging communications content.
• Phishing and Social Engineering Simulations:
  • Develop and execute simulations across the Ascot organization.
  • Monitor the actions taken by colleagues on simulations and utilize the consequence management process to improve colleague response.
• Human Risk Management:
  • Identify and target key audiences and channels for communications and additional training based on attack potential data and other criteria.
• Policies and Standards Maintenance:
  • Coordinate updates to the cybersecurity policies and standards, managing the annual review, update and release cycle. 
• Perform ad hoc efforts in support of other Cybersecurity GRC functions as needed. 
  • Build, manage and maintain relationships with training vendors, and constantly evaluate vendor capabilities and partnerships. 
• Identify emerging technologies, and methods to promote cybersecurity awareness and engagement throughout the organization.
• Commit to The Ascot Way: Demonstrate The Ascot Way in their daily interaction with colleagues, fostering colleague engagement and development, collaboration, inclusivity, and individual accountability.

Requirements:

• Minimum of 3 years of experience leading a cybersecurity training and awareness program. 
• Bachelor's degree in related fields or equivalent work experience.
• Solid understanding of cybersecurity concepts, threats, and best practices.
• Experience with Learning Management Systems (LMS), instructional design and e-learning tools.
• Strong communication, presentation, and interpersonal skills.
• Experience with phishing simulation platforms.
• Experience with building and delivering training programs.
• Knowledge of AI tools and technologies that can be used to create interactive content (media and static).
• Self-starter with the ability to take initiative and capable of communicating to technical and non-technical audiences. 
• Ability to effectively collaborate across multiple teams and ensure program needs are satisfied through interpersonal and trusted communication.
• Experience with SharePoint site development/maintenance, web development and video editing is preferred. 
• Understanding and knowledge of data integration requirements with external third parties is preferred. 
• Familiarity with cybersecurity compliance frameworks and standards is preferred.
• Understand regulatory requirements such as: CCPA, GDPR, NYDFS 500, Bermuda Monetary Authority, UK Financial Conduct Authority is preferred. 
• Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.

***This position may be filled at a different level, depending on experience***

Compensation

Actual base pay could vary and may be above or below the listed range based on factors including but not limited to experience, subject matter expertise, and skills. The base pay is just one component of Ascot’s total compensation package for employees. Other rewards may include an annual cash bonus and other forms of discretionary compensation awarded by the Company. 

Salary Range for New York Metro area: $90,000 - $102,000

Company Benefits

The Company provides a competitive benefits package that includes the following (eligibility requirements apply):

Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account, Health Care and Dependent Care Flexible Spending Accounts, Life Insurance, AD&D, Work/Life Resources (including Employee Assistance Program), and more

Leave Benefits: Paid holidays, annual Paid Time Off (includes paid state /local paid leave where required), Short-term Disability, Long-term Disability, Other leaves (e.g., Bereavement, FMLA, Adoption, Maternity, Military, Primary & Non-Primary Caregiver)

#LI-Hybrid