Last reviewed: March 2017

Recommendations if you are developing a job announcement or description for your institution:

  1. Review the sample Security Awareness Coordinator job description (below).
  2. Review the National Cybersecurity Workforce Framework published by NIST, which includes sample job titles and key tasks.
  3. Review the 2016 IT Workforce in Higher Education research hub for the most recent EDUCAUSE research on the evolving IT workforce needed to support contemporary models of IT service delivery.

The following job description template is provided to help you get started on drafting a similar job description at your institution. It is intended to be illustrative and serve as a representative sample of the tasks that might be required for a particular role. It may not be inclusive of all job functions or knowledge, skills, and abilities that your institution requires in a particular role, or it may be overbroad for the position that you are designing. The template was designed so that you can add the example job functions, and knowledge, skills, and abilities statements into your own institutional job description template, and then augment the general items included in this template with your own specific institutional, role, and/or task needs.

Security Awareness Coordinator Job Description Template

Institution Name

Title (e.g., Security Awareness Coordinator)

Institution's Job or Reference #

Summary: The Security Awareness Coordinator is responsible for the institution's information security awareness and education program. The overall goal of the security awareness and education program is to reduce information security risk by ensuring that all students, faculty, and staff understand campus security policies and apply university information security practices with respect to institutional data and information technology systems. In collaboration with other members of the information security department, this position will manage a broad set of activities, including: drafting publications, creating and managing website content, facilitating marketing campaigns, scheduling meetings, creating timelines and infographics; and helping to plan outreach, awareness, and educational events. The Security Awareness Coordinator will also be responsible for evaluating effectiveness of techniques and resources as appropriate.

Reporting position: The Security Awareness Coordinator reports to the Chief Information Security Officer.

For more information: For complete details and to apply, please visit: <<Institution's URL>>

Duties and Responsibilities

Leadership

  • Develop the strategy, goals, and objectives for the information security training, education, and awareness program.

  • Serve as an internal consultant and advisor in own area of expertise (e.g., technical, copyright, print media, teaching and learning, etc.)

  • Maintain a long-term strategy while addressing current risks.

  • Drive program towards maturity. (Repeatable processes, metrics etc.)

  • Structure and maintain this program to be long term, so we change culture in addition to behaviors over time.

Risk

  • Identify the top human risks to our organization and the behaviors we need to change to mitigate those risks.

  • Adapt strategy to incorporate and address emerging technologies and risks.

  • Tailor information security training, education, and awareness programs to reduce institutional risk related to lack of training.
Policy/Compliance

  • Ensure that our information security awareness program communicates our security policies and requirements so that people know, understand, and can follow them.

  • Promote University awareness of information security policies through the creation and maintenance of an online presence that is intuitive to use, provides engaging activities to reinforce behaviors, and serves as a central repository for security guidance and references.

  • Tailor information security training, education, and awareness programs to policy and compliance objectives (e.g., HIPAA, FERPA, PCI).

  • Create policy and process documentation related to information security training, education, and awareness programs as needed.
Outreach/Awareness

  • Develop new or identify existing information security training, education, and awareness activities appropriate for campus audiences.

  • Develop and maintain an information security awareness program that effectively motivates desired behaviors so our community handle data and systems in a secure manner.

  • Prepare and deliver information security training, education, and awareness activities appropriate for campus audiences.

  • Evaluate the effectiveness of existing information security training, education, and awareness program/activities.

  • Create a metrics framework that can effectively measure engagement, behaviors, and impact.

  • Collaborate with information security technical experts as needed to augment or further develop information security training, education, and awareness activities appropriate for campus audiences.

  • Coordinate efforts with school security officers and Public Affairs/Communications/Public Information Officers to develop strategies and maintain consistent messaging across the University.

  • Build University awareness by taking a holistic approach to the information security awareness program using electronic messages, forums, billboards, newsletters, symposia, and printed materials that complement each other and build upon previously covered concepts.

  • Work with external vendors and agency partners as needed to establish quotes, production schedules, delivery, and implementation of materials.
Training

  • Incorporate adult learning methodologies into design and delivery of content.

  • Apply Instructional Design best practices into the development of courses and curricula.

  • Accommodate multiple learning styles into course design.

  • Facilitate successful social learning experiences in classroom settings (virtual and in-person).

  • Define achievable, observable, and measurable learning objectives (skills) into training programs.

Knowledge, Skills, and Abilities

  • Applies a basic knowledge of information security and risk mitigation principles, theories, and techniques in daily work.

  • Demonstrates understanding and use of basic project management methodologies, including the ability to plan, manage and maintain a complex, organization wide program over the longer term.

  • Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel.

  • Independently writes well-‎structured and persuasive ‎end products.‎

  • Crafts messages to match capability of the audience. (Ability to contextualize technical content for campus audiences may be better.)

  • Ability to communicate in a simple, clear and concise manner to the various communities within our organization.

  • Practical knowledge of different message distribution techniques to ensure end user communities understand and continually apply the required behavior necessary to reduce the 'human factors' risk.

  • Desire to learn and integrate new capabilities in digital technology, such as audio, video, social media, online communities, blogs, and other web-based technologies.

  • Creative thinking and understanding of audience to produce engaging materials in a variety of formats and media, including storyboards, user guides, and gamification elements.

  • Resilience and flexibility to explore different paths to achieve an outcome and adjust quickly and efficiently to new circumstances and measured results.

  • Confidently develops and delivers ‎presentations and is able to respond ‎to questions.

  • Highly organized and able to multi-task and manage concurrent deadlines.

  • Ability to effectively contribute to and lead working groups.

  • A high degree of independence, integrity and confidentiality.

  • Flexible; able to move strategy forward in a rapidly changing environment.

PLEASE NOTE: In order to receive proper consideration, applications must be submitted directly via the Institution's career site. Applications submitted via any other source will not be considered.

The Institution is an EEO/AA: M/W/D/V (Equal Opportunity/Affirmative Action Employer: Male/Female/Disabled/Veteran) Employer.

(question) Questions or comments? (info) Contact us.

(warning) Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).