The Cybersecurity Awareness and Training Manager at Sherwin-Williams is responsible for creating, implementing, and maintaining extensive A&T initiatives for enterprise. This role significantly contributes to decreasing the organization's risk by making sure that all 65,000+ employees fully understand their role in safeguarding Sherwin-Williams' data assets as well as handling data in accordance with international privacy laws. This person's obligations include making sure employees are informed and trained on SHW Cybersecurity policies & standards, any updates in global privacy regulations, and the latest cybersecurity threats and best practices from the moment they're onboarded and continuing through any career changes.
- Collaborate with subject matter experts to develop relevant and engaging content for cybersecurity training programs
- Design and deliver effective training sessions that connect individuals' roles to secure behaviors and highlight the importance of cybersecurity in their work activities
- Utilize innovative learning methodologies and technologies to enhance the effectiveness and engagement of training programs
- Evaluate the impact and effectiveness of training initiatives and identify areas for improvement or additional support
- Support the GRC regional employees with awareness and training initiatives
- Serve as a resource and point of contact for employees seeking guidance on cybersecurity best practices
- Foster a culture of cyber awareness and responsibility throughout the organization
- Stay updated on the latest cybersecurity trends, threats, and best practices to ensure training content remains current and relevant
- Collaborate with cross-functional teams, including HR business partners, to integrate cybersecurity awareness or training into existing learning and development initiatives
- Monitor and analyze cybersecurity metrics and trends to identify areas of concern and develop targeted training interventions
- Perform administrative and management duties (recruiting, hiring, training, coaching, performance planning and evaluations, corrective actions, etc.) as necessary
- Complete special projects as requested.
This position is not eligible for sponsorship for work authorization now or in the future, including conversion to H1-B visa. This position has a hybrid work schedule with three days in the office and the option for working remotely two days. Job duties include contact with other employees and access confidential and proprietary information and/or other items of value, and such access may be supervised or unsupervised. The Company therefore has determined that a review of criminal history is necessary to protect the business and its operations and reputation and is necessary to protect the safety of the Company's staff, employees, and business relationships. FORMAL EDUCATION: Required:
- Bachelor's Degree (or foreign equivalent) or in lieu of a degree, at least 12 years in experience in the field of Information Technology or Business (work experience or a combination of education and work experience in the field of Information Technology or Business).
Preferred:
- Master's degree in Business Administration, Psychology, or Communications, CISSP, CISM, CIPP, CIPM
KNOWLEDGE & EXPERIENCE: Required:
- 8+ years of IT and/or Business experience
- 5+ years of work experience in cybersecurity, privacy, or risk management.
- Experience presenting and running training programs.
Preferred:
- Supervisory experience or team responsibility.
- 5+ years working in training leadership and training program management.
- 3+ years project and program management experience
- Experience working with Global Privacy and Cybersecurity laws and regulations.
TECHNICAL/SKILL REQUIRMENTS:
Required:
- Leadership, decision-making, and problem-solving skills.
- Excellent verbal and written communication with all organizational levels.
- Proficiency in using learning management systems (LMS) and training tools.
- Experience in team-oriented, collaborative environments and motivating teams across cultures.
- Analyzing and interpreting data to identify trends and opportunities for improvement.
- Developing and executing comprehensive training strategies aligned with organizational goals.
- Commitment to fostering a culture of inclusion and diversity.
- Broad understanding of security tools and controls.
Preferred:
- Strong understanding of adult learning principles
- Experience developing targeted training programs
- Knowledge of the following frameworks:
- NIST Privacy Framework (PF)
- NIST Cyber Security Framework (CSF)
|