CYBERSECURITY COMMUNICATIONS, AWARENESS AND TRAINING LEAD – (6323)

Crown Holdings, Inc. is a global leader in the design, manufacture, and sale of packaging products for consumer goods. At Crown, we are passionate about helping our customers build their brands and connect with consumers around the world. We do this by delivering innovative packaging that offers significant value for brand owners, retailers, and consumers alike. With operations in 47 countries employing over 33,000 people and net sales of over $11 billion, we are uniquely positioned to bring best practices in quality and manufacturing to our customers to drive their businesses locally and globally. Sustaining a leadership position requires us to build a team of highly talented, dedicated, and driven individuals.

Crown Holdings is seeking an Information Security Analyst or Cybersecurity Education & Awareness / GRC Analyst to join our growing Information Security team. This position will report directly to the Chief Information Security Officer at our Corporate Headquarters in Yardley, PA.

Crown is seeking a highly motivated Information Security professional with demonstrated experience in developing and delivering training, education, and any associated communications. This is an opportunity to build a global capability covering all regions working with CISO and regional leadership. Additionally, this position will assist in several aspects of Governance, Risk, and Compliance (GRC) functions.

Key Responsibilities: 

• In coordination with the CISO and regional leadership develop a robust, realistic cyber communications engagement plan to reach all Crown employees – globally.
• Develop metrics to measure success of the security awareness program
• Develop and adapt strategies, goals, and objectives for managing a global cyber and information security education and awareness program with emerging technologies and risks
• Promote information security awareness to all employees and contractors through the creation of online cyber awareness trainings, in -person, virtual, and instill a creative energy around cyber.
• Assist in the continuous promotion, development, and publishing of information security policies and procedures. Ensure our program communicates our security policies and requirements so employees know, understand, and can follow them.
• Build Crowns’ awareness by taking a holistic approach to the Cybersecurity Education & Awareness program using electronic messages, forums, billboards, newsletters, symposia, and printed materials
• Develop and maintain the global security awareness training program that consists of managing security awareness training for hew hires and existing employees using a myriad of organic toolsets and third-party solutions.
• Create launch monthly phishing simulations through the third-party solution creating and launching role-based training for key roles (e.g., executives, privileged users) tracking and reporting training completion status supporting end-users access issues with the third-party solution managing the relationship with the vendor of the third-party solution
• Collaborate and coordinate with cyber and information security technical experts as needed to augment or further develop information security awareness, education, and training activities appropriate for employees
• Analyze and evaluate business needs and cyber threats to continuously improve the program
• Creative thinking and understanding of audience to produce engaging materials in a variety of formats and media, including storyboards, user guides, and gamification elements
• Lead the development, planning, and execution of activities for the annual national cybersecurity awareness month
• This role will also have additional, but minimal responsibilities with Governance, Risk, Compliance (GRC) activities

• Bachelor’s degree or higher in information technology, computer science, or management information system
• Minimum of 5 years of work within Information Technology, Information/Cyber Security, or Communications
• Experience with executing mixed-method trainings, course design documents, implementation strategies, and program evaluation
• Experience with delivering computer-based training modules through technological means
• Excellent interpersonal skills with the ability to communicate effectively verbally and in writing with all levels within the organization, including both technical and non-technical personnel
• Independently writes well-‎structured and persuasive ‎deliverables
• A high degree of proficiency in MS Office, and the ability to translate complex concepts/data into graphically appealing and easy to understand presentations
• Confidently develops and delivers ‎presentations and can respond ‎to questions
• Highly organized and able to multi-task and manage concurrent deadlines