
Information Security Training Awareness Lead (MA or REMOTE)

The Hanover Insurance Group

IT
Worcester, MA, USA · Remote
Posted on Sep 11, 2025

Our Information Security organization is currently seeking an Information Security Training Awareness Lead to join our growing team in our Worcester, MA office in a hybrid work arrangement or in a remote work location.

This is a full-time, exempt position.

POSITION SUMMARY:

We are seeking a dynamic and experienced Information Security leader to drive our Information Security Training, Awareness, and Outreach initiatives. This role is critical to strengthening our cybersecurity posture by designing and executing engaging training programs, phishing simulations, and targeted outreach campaigns.

You will work closely with the Security Operations Center (SOC), Legal, HR, Corporate Communications, IT department and other stakeholders to foster a culture of security awareness across the enterprise.

In this role, you will create annual plans that provide a clear path to meeting program goals, milestones, and regulatory requirements, and that have the flexibility to address dynamic security challenges with agility.

This role will produce training materials for targeted audiences that address various learning styles through visual, auditory, and kinesthetic methods. This individual will build relationships with affected business units to meet objectives, and implement and manage phishing exercises, training modules, and communication materials. In addition, this individual will work closely with Hanover’s implementation managers to act as liaisons/change agents between the CISO and business units across the Enterprise.

WHAT YOU WILL DO IN THE ROLE:

Program Leadership & Strategy

  • Have lead responsibility on significant course development of annual training and awareness plans aligned with regulatory requirements, threat landscape, and organizational goals.
  • Lead the design and execution of phishing simulations and insider threat training programs based on NIST standards.
  • Act as a change agent to promote adoption of security and IT best practices across business units.

Instructional Design & Delivery

  • Create engaging, multi-modal training content tailored to diverse learning styles (visual, auditory, kinesthetic) and inspired by the current cyber threat landscape.
  • Translate complex technical and information security concepts into accessible, actionable learning materials.
  • Deliver impactful presentations and facilitate training sessions for audiences at all organizational levels.

Outreach & Communication

  • Build an outreach network to serve as liaisons between the Office of the CISO and business units.
  • Develop and distribute awareness materials via newsletters, forums, digital signage, and online platforms.
  • Establish and maintain an intuitive online hub for training schedules, resources, and security references.
  • Create communications that respond to active social engineering campaigns, raising awareness among targeted parties and helping to protect The Hanover.

Metrics, Reporting & Analysis

  • Develop and maintain key performance indicators (KPIs) and monthly metrics to measure the effectiveness of training, phishing simulations, and outreach efforts.
  • Analyze trends and performance data to identify areas for improvement and inform future strategy.
  • Collaborate with the GRC team to align reporting with compliance and risk management objectives.
  • Prepare and present executive-level summaries and board communications to highlight program impact and progress.
  • Ability to use automation tools such as Power BI is preferred but not required.

Collaboration & Risk Mitigation

  • Partner with Legal, HR, SOC, and Corporate Communications teams to address insider threats and develop mitigation strategies.
  • Support incident response efforts through targeted education and outreach.
  • Promote understanding of IT security responsibilities and organizational policies.

WHAT YOU NEED TO APPLY:

  • Bachelor’s degree or 5+ years of relevant experience in cybersecurity, instructional design, or adult education.
  • Proficiency in MS Office Suite and familiarity with security training platforms (e.g., Proofpoint).
  • Knowledge of cybersecurity frameworks (NIST, ISO, MITRE) preferred.
  • Experience designing and delivering training in virtual and matrixed environments.
  • Strong organizational and time management skills; ability to adapt and solve problems creatively.
  • Skilled in multimedia and web design tools (e.g., Articulate, Captivate, webinar platforms).
  • Ability to influence stakeholders and execute strategic plans across a large enterprise.

Awareness & Outreach-Specific Certifications preferred, not required:

  • SANS Security Awareness Professional (SSAP): specifically designed for professionals managing security awareness programs.
  • SANS Managing Human Risk: focuses on behavior change and building a culture of security.