Information Security Awareness Program Manager
Job description
The Information Security Awareness Program Manager is responsible for designing, executing, and continuously improving the enterprise-wide cybersecurity awareness and training program. This role drives human risk reduction by influencing employee behavior, strengthening security culture, and ensuring compliance with regulatory and industry standards.
This leader partners across Security Operations, GRC, Privacy, HR, Legal, and IT to deliver targeted, role-based training and measurable outcomes aligned to enterprise risk objectives.
Responsibilities may include the following and other duties may be assigned.
Program Strategy & Leadership
- Develop and execute a multi-year Security Awareness & Human Risk Management strategy
- Transition the program from compliance-based training to behavior-driven risk reduction
- Establish role-based training frameworks (e.g., executives, engineers, clinicians, finance)
- Regulatory requirements (e.g., HIPAA, FDA pre/post-market guidance)
- Annual mandatory training
- Just-in-time and microlearning modules
- Phishing and social engineering simulations
- Secure software development (SSDLC)
- Medical device/product security
- Data privacy & PHI handling
- Phishing susceptibility rate (click rate)
- Report rate (user reporting of suspicious emails)
- Repeat offender trends
- Time-to-report metrics
- Build dashboards for: Executive leadership and Board/Audit Committee reporting
- Use data to drive targeted interventions
Phishing Simulation & Behavioral Testing
- Lead the enterprise phishing simulation program
- Design adaptive campaigns based on threat intelligence and user risk segmentation
- Integrate with the SOC (incident response feedback loop) and email security platforms
Stakeholder Engagement
- Partner with HR (onboarding/offboarding training), Legal/Privacy (regulatory alignment), Engineering/Product teams (secure development awareness), and Executive leadership (risk communication)
- Deliver executive briefings and board-level updates
Compliance & Framework Alignment
- Ensure alignment with ISO 27001 and the HIPAA Security Rule (Security Awareness & Training)
- Support internal and external audits
Technology & Vendor Management
- Manage awareness platforms
- Oversee LMS integration and reporting
- Evaluate and onboard new training technologies
Requirements
Requires a Baccalaureate degree and a minimum of 7 years of relevant experience, or an advanced degree with a minimum of 5 years of relevant experience.
- 5-8+ years in cybersecurity, with 3+ years in security awareness or human risk programs
- Experience in regulated industries (healthcare, medical devices, financial services)
- Proven track record building or maturing an enterprise awareness program
- Phishing/social engineering attack vectors
- Security operations and incident response workflows
- Identity and access management concepts
- Phishing simulation platforms
- Learning Management Systems (LMS)
- Data analytics and reporting tools (e.g., Power BI, Tableau)
- ISO 27001
- HIPAA Security Rule
- NIST NICE Workforce Framework (Awareness & Training roles)
- CISSP, CISM, or CRISC
- Certified Security Awareness Practitioner (CSAP) or equivalent
- Behavioral science or psychology principles in security
- Human Risk Management (HRM) frameworks
Benefits & conditions
MiniMed offers a competitive salary and flexible benefits package
At MiniMed, we put people first. A commitment to our employees lives at the core of our values: We recognize their contributions. They share in the success they help create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every stage of your career and life.
Salary range for U.S. (excl. PR) locations (USD): $150,400.00 - $225,600.00
This position is eligible for a short-term incentive called the Short Term Incentive (STI).
At MiniMed, we are committed to supporting the well-being and financial security of our employees. Regular employees working 20 or more hours per week are eligible for a robust benefits package, including health, dental, and vision insurance, as well as access to a Health Savings Account, Healthcare Flexible Spending Account, life insurance, long-term disability leave, and a dependent daycare spending account. In addition, all regular employees enjoy incentive plans, a 401(k) plan with company match, short-term disability coverage, paid time off and holidays, participation in our Employee Stock Purchase Plan, and access to our Employee Assistance Program. Eligible employees may also benefit from our Non-qualified Retirement Plan Supplement and Capital Accumulation Plan, subject to IRS minimum earnings requirements. Please note that "regular employees" refers to those who are not temporary staff, such as interns, and some benefits may not apply to employees in Puerto Rico.
For further details about our comprehensive benefits, we encourage you to visit the link below.