Apply now »

Lead Security GRC Analyst

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

Job Description – Lead, Cybersecurity Awareness, Education & Training

Role Summary

The Lead – Cybersecurity Awareness, Education & Training is responsible for leading and continuously maturing the enterprise cybersecurity awareness and training program. This role drives organization-wide security education initiatives to reduce human-driven cyber risk, improve secure behaviors, and support adoption of cybersecurity policies, controls, and strategic initiatives.

The role provides program leadership, content governance, and execution oversight across awareness campaigns, phishing simulations, role-based training, and change-management communications, while partnering closely with Cybersecurity, HR, Compliance, IT, and business leaders.

Key Responsibilities

Cybersecurity Awareness Program Leadership

- Lead the enterprise cybersecurity awareness and training strategy aligned with organizational risk priorities and regulatory requirements

- Define annual awareness roadmaps, editorial calendars, and campaign plans (e.g., phishing, data protection, AI usage, social engineering)

- Ensure consistent delivery of engaging, relevant, and timely awareness content across multiple channels (email, Teams, SharePoint, LMS, town halls)

- Act as the primary owner for the cybersecurity awareness and education program

Phishing Simulation & Behavioral Risk Management

- Lead phishing simulation programs, including campaign design, execution, analysis, and reporting

- Oversee repeat-clicker identification, targeted training, and corrective action workflows

- Analyze phishing metrics and behavioral trends to drive targeted interventions and program improvements

- Partner with leadership and HR to address high-risk behaviors through structured escalation and education paths

Training, Education & Change Enablement

- Design and oversee role-based and risk-based cybersecurity training (new hires, privileged users, high-risk roles)

- Partner with HR and Learning teams to integrate cybersecurity training into onboarding and annual compliance programs

- Support change-management and communication efforts for major cybersecurity initiatives (e.g., IT Disaster Recovery, Data Protection, AI governance)

- Ensure training content aligns with approved cybersecurity policies, standards, and regulatory expectations

Governance, Metrics & Continuous Improvement

- Define KPIs and success metrics for awareness and training effectiveness (phish click rates, reporting rates, training completion, behavior improvement)

- Develop executive-level dashboards and reports to demonstrate program impact and risk reduction

- Continuously assess program effectiveness and evolve content based on threat intelligence, incidents, and audit findings

- Ensure compliance with security awareness and training policy requirements and evidence retention

Stakeholder & Cross-Functional Engagement

- Collaborate with Cybersecurity domain teams, Compliance, HR, Privacy, Legal, and Communications

- Serve as a trusted advisor to leaders on human-centric cyber risk and mitigation strategies

- Support enterprise communications during major cyber incidents and high-impact events

Required Skills & Experience

- 5–8+ years of experience in cybersecurity, risk management, awareness, training, or change-management roles

- Demonstrated experience leading enterprise-scale cybersecurity awareness and education programs

- Strong understanding of social engineering, phishing, human risk management, and security behavior change

- Experience with phishing platforms, LMS tools, and collaboration platforms (e.g., Proofpoint, HealthStream, Teams)

- Strong communication, storytelling, and stakeholder engagement skills

- Ability to translate complex cybersecurity topics into simple, actionable guidance

Preferred Qualifications

- Experience in healthcare or other highly regulated industries

- Experience integrating awareness programs with GRC, risk, and incident response functions

Key Success Metrics

- Reduction in phishing susceptibility and repeat clickers

- Increased reporting of suspicious emails and security incidents

- High training completion rates and positive learner feedback

- Improved secure behaviors across the workforce

- Strong leadership confidence in awareness program effectiveness

Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.

Apply now »