Security Awareness Risk Analyst

Our IT Enterprise Information Security organization isn’t just here to protect our business; we excite it. By ensuring the confidentiality, integrity, and availability of our data, we empower our people to protect their most innovative work. Through simple, accessible, and integrated cybersecurity, we aren't just defending the future—we're innovating it.

Job Description

Motorola Solutions maintains a fast pace of innovation and uses leading-edge technology within a dynamic environment to achieve extraordinary outcomes on a global scale. 

To do that, we’re looking for an Information Security Risk Analyst to join our team. This role focuses on the understanding, measuring, and improving an organization's risk and security culture. It is about keeping a regular pulse on how people think, feel, and behave around security, and using that insight to drive meaningful, lasting change. If you are ready to use your creativity and security expertise to influence the future of a global Fortune 500 company, we want to meet you.

Responsibilities: 

• Assist in the development and delivery of enterprise-wide security awareness initiatives including coordinating security events, hosting global training webinars and leading high-energy Cybersecurity Awareness Month Activities, and more

• Collaborate on the security awareness program roadmap and vision

• Build everything from presentation decks and training scripts to communications, newsletters, videos, and infographics that resonate with both technical and non-technical audiences

• Analyze phishing program results and training KPIs to identify trends and high-risk groups to tailor security interventions accordingly

• Stay attuned on the latest social engineering tactics (phishing, smishing, ransomware) to ensure our training prepares employees for real-world attacks

• Collaborate across the enterprise with security and business stakeholders including HR, Legal, Compliance, Engineering to design and deliver security content that bridges the gap between company policy and employee action, making the practice of cybersecurity a simple and integrated part of every role

• Partner with internal communications and design teams to create engaging security content (blogs, videos, infographics) that resonates with technical and non-technical audiences alike

Skills and attributes for success:

• Bringing an innovative mindset to management of Enterprise Information Security

• Engaging others in understanding and addressing information security risks to facilitate significant business decisions

• Creating powerful metrics and measurements to provide feedback loops for senior leaders looking to take thoughtful risks

• Being the voice of our information security program through contributions to clear and actionable policies and procedures as well as awareness activities

• Enable the future of our company by giving senior leaders the risk information they need to navigate significant business decisions

• You have an unparalleled opportunity to profoundly influence the course of our governance program, elevating our team to world-class performance

Basic Requirements

•  Bachelor’s degree in Cybersecurity, Information Security, Computer Science, Communications, Psychology, or a related field, or equivalent practical experience

• 0-2 years of experience in Information Security, Risk Management, Corporate Training, or Communications

• Must be able to speak/read/write in English with Full Professional Proficiency. 

• Strong understanding of the current threat landscape, specifically social engineering, phishing, smishing, and ransomware

• Hands-on experience with Security Awareness platforms (e.g., KnowBe4, Proofpoint, Mimecast) and Learning Management Systems (LMS)

• Proficiency in Google Sheets/Excel (pivot tables, VLOOKUPs) or data visualization tools (Tableau, PowerBI) to report on program effectiveness 

Desired: 

• Experience in security awareness, training and development, or implementation of cybersecurity programs

• Understanding of cybersecurity threats including social engineering, insider threats

• Familiarity with Splunk and other reporting software, teams dashboards a plus

• Technical knowledge and/ or experience in information security, cybersecurity, systems administration, architecture, cloud, or other technical domain

• Working familiarity with IT General Controls or other industry standards such as ISO 27001/2, NIST 800-171 or 800-53, SOC2

• ISC2, ISACACISSP, CISA, CRISC, CEGIT, or other relevant certification (or equivalent experience) is a plus

• Experience in policy development and implementation

• Familiarity with compliance standards and activities for SOx and or PCI.

• Project and organizational competency