.Leads the security policy management function within GRC end-to-end. - Responsible for running policy workshops to triage policy intake requests for the modification and/or creation of new policies, control standards, and procedures. This may also include troubleshooting ownership issues or anything related to policies such as correlation to compliance frameworks, risks, or general cybersecurity events and evolution. - Responsible for facilitating the annual policy attestation cycle where owners must leverage the GRC tool, Archer, to sign off or modify their control statements. This includes working together with partners across the organization who need support navigating the intricacies of policy management. - Supporting all issues related to policy management. - POC for everything Policy Management within GRC and for partnering areas. - Setting long-term goals and strategies to evolve policy management. Supports the Security Awareness Training (SAT) function within GRC end-to-end. - Responsible for security onboarding for all new recruits as well as annual security refresher training. This includes maintaining current content, creation of new content, leveraging our tools for content changes, and working with learning center management peers. - Lead for National Cyber Security Awareness Month. This includes creation of the schedule of events and executing the plan – workshops, webinars, training, games, prizes, tech talks, etc. - Lead for hosting phishing programs and campaigns to increase employee vigilance. This includes creating the plans, testing, prepping with technical areas to ensure conflicts don't arise, analyzing the data during and after the phishing campaigns. This also includes fixing any and all issues that may arise regarding tool conflicts, false positives, etc. - Familiarity with common SAT platforms such as ProofPoint, KnowBe4, OneTrust, Archer, etc. - Lead for ad-hoc training and role-based training per utilized SAT platforms. Expand upon the SAT program to host periodic training by function, group, etc. - Support other areas that rely on security training or awareness needs. Required Skills Direct experience managing Security Policy programs or directly supporting them within a security or IT team. Experience creating new policies and standards as well as modifications to policies and standards as needed for various compliance and regulatory purposes.Experience with creating long-term strategies for the organization of Policy Management frameworks to govern internal processes with all employees.Strong understanding of Archer GRC Tool. Development is not a must but navigation is.Strong communication skills, ability to navigate across departments and network with various employees across the department to solve issues, host trainings, run meetings and workshops, etc.Supports the maturity of the Governance function.Develops documentation related to the GRC Platform