Senior Information Security Awareness Advisor

About this opportunity:

The primary goal of the Senior Information Security Awareness Analyst role is to strengthen Cenovus's cyber security defenses by proactively identifying and addressing human risks, driving innovation, and continuously evolving our comprehensive awareness and training program. Specifics include developing and implementing initiatives that educate employees on secure behaviors, ensuring compliance with regulatory requirements, and fostering a culture of security across the company. The role requires collaboration with various team members to build engaging and effective content, measure the impact of awareness efforts, and continuously adapt strategies to address emerging threats to help protect Cenovus from a variety of threat actors.

What you'll do:

• Monitor and identify the top human risks to our organization, guiding behavior changes to mitigate those risks

• Support and develop the awareness program, including researching and producing content to implement security awareness and training initiatives through various channels (digital media, print media, training, events, etc.)

• Collect feedback, comments, suggestions, and impressions from employees engaged in awareness and training activities to improve Cyber Culture initiatives

• Measure and evaluate the impact and comprehensiveness of awareness and training initiatives through dashboards, KPI reports, and results collection

• Develop tailored cybersecurity role-based personas and learning paths, designing courses that promote secure behaviors in compliance with enterprise policies, procedures, and standards

• Configure, deploy, maintain, and support security awareness toolsets

• Ensure all regulatory and compliance requirements for security awareness are met, extending beyond regulations to drive behavioral change and inspire a security culture within the company

• Identify and collaborate with security champions to broaden the security reach within lines of business across the company

• Engage subject matter experts to turn complex topics into actionable and easily understood materials for staff (e.g., newsletters, computer-based trainings, and new posts, learn-by-doing activities)

• Participate and contribute to projects related to cybersecurity awareness, including business initiatives, and complete assigned tasks through project development, integration, and implementation

• Create and assist with innovative security awareness campaigns using solution provider and custom-developed tools designed to be flexible and adaptable across a globally diverse employee population (e.g., developers, executives, operations, etc.)

• Organize activities for cybersecurity awareness-specific global dates (e.g., October Cyber Security Awareness Month, Data Privacy Week, Infrastructure Security Month) by researching and engaging speakers, developing games and quizzes, and reward activities

• Promote, influence, and administer cybersecurity awareness learning initiatives using written, audio, and visual mediums, exhibiting partnership building and non-authoritative leadership capabilities

• Provide worldwide customer support, problem identification, and resolutions in cybersecurity awareness-related activities (e.g., newsletters, awareness campaigns)

• Report on metrics of participation and effectiveness

• Assist in response to business units or regional cybersecurity awareness requests

• Demonstrate creative thinking while accounting for multiple perspectives in any given scenario

• Continually research evolving or emerging threats against staff to create and incorporate solutions that simplify or reduce friction for staff regarding cyber risks

Who you are:

Our ideal candidate will have the following minimum requirements:

• Legally authorized to work in Canada

• Bachelor's degree in (Corporate/Persuasive) Communication, Security Studies, Crisis Management, Behavioral Science/Psychology, Information Technology, Organizational change management or a related field.

• Typically, 8+ years' relevant work experience in one or more of the following fields: technical, security or privacy education/training, information security, risk management, organizational behavior change, communications, or other related fields.

• Experience creating, developing, and building behavior change initiatives with focus on information security and/or privacy education and awareness training initiatives, preferably in a large enterprise.

• Experience running and supporting simulation-based training campaigns such as phishing and voice elicitation a plus.

• Professional certifications are considered a plus (e.g. ISC2 CISSP: Certified Information Systems Security Professional; PMI-ACP: PMI Agile Certified Practitioner; SANS SSAP: Sans Security Awareness Professional)

• Fluent in written and spoken English; any other language skill is considered a plus.

We acknowledge the value of transferrable skills and may consider equivalent combinations of experience and education should you not meet a specific requirement.

Note: The application deadline for this position is 11:59 PM MT October 30, 2024.

If you require accessibility assistance to complete the on-line application or otherwise apply for an open position with Cenovus, its subsidiaries and affiliates, please email careeropportunities@cenovus.com.

Internal candidates that are currently in a lower grade will be assessed based on their sustained job performance, how they demonstrate the expected organizational competency behaviors and values and in discussions with their current leader prior to resolving next steps.

Who we are:

We're an integrated energy company headquartered in Calgary with oil and natural gas production operations in Canada and the Asia Pacific region, and upgrading, refining, and marketing operations in Canada and the United States. We're committed to enhancing value by developing our assets in a safe, responsible, and cost-efficient manner, integrating environmental, social and governance considerations into our business plans.

We've been named a Top Alberta Employer for 2024, a designation recognizing organizations leading their industries in offering exceptional places to work.

Find Cenovus on Facebook, X, LinkedIn, YouTube and Instagram.

For more information, please visit cenovus.com.

At Cenovus, we embrace diversity of thought, experience, and backgrounds to help us make better business decisions, address our challenges, seize opportunities, and unlock innovative solutions. We're committed to building a diverse and inclusive workplace where people feel respected, valued, and engaged. We strive for a collaborative, physically and psychologically safe environment where you can be yourself, feel a sense of belonging and thrive. For more information, including details on our inclusion and diversity networks, visit Cenovus.com.

The requirements of this posting may be modified to support business needs. Title and compensation administration will be based on the skills and capabilities of the successful incumbent.

#LI-MW1

Notification

To be considered for a position, please click Apply and create an account or sign in to your Cenovus Careers profile.

Immediately following successful submission of your online application, you will receive an online notification confirming Cenovus's receipt of your resume.

Only those applicants who apply directly to a posted position and are selected for an interview will be contacted. We will not accept agency or third-party candidate submissions.

To follow the status of your application, log in to your Cenovus Careers profile and click on the appropriate job under 'My Applications'.

Interested in this opportunity? Click the Apply link.

If you are a CURRENT EMPLOYEE please apply by going to our Internal Career Site