Director, Behavioral Science

PhishLine is seeking a highly motivated individual to design, implement, and maintain some of the most sophisticated security awareness programs in the world.

 

PhishLine helps global organizations measure their end-user susceptibility to real-world, social-engineering attacks and provides immersive, just-in-time training to drive improved recognition and behavior for end-users. We are a fast-paced, results-oriented company and we value energy, passion and creative thinkers. Along the way, we take the time to have fun and recognize and reward excellence, whether a sales person who blows out their number or a security analyst that goes above and beyond for one of our clients.

Our Founder and CEO is a veteran software executive with impeccable security industry credentials and a solid history of delivering enterprise-class software solutions. PhishLine was built for security professionals, by security professionals and offers advanced metrics, benchmarks and threat vectors others can’t match.

If you are goal-oriented and ready for a career that provides meaningful impact to combat cyber attacks, PhishLine is for you.

PhishLine, LLC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, PhishLine, LLC complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Job Description

As the Director of Behavioral Science, you will partner with world-class threat intelligence and cyber security teams to identify and prioritize the security threats each program will address. You will then leverage your cognitive psychology skills to determine achievable human-behavior targets that have game-changing impact on the security posture of PhishLine customers. You’ll develop metrics to measure your impact, and implement programs that makes a lasting impact on behavioral drivers of information security.

Roles and Responsibilities

  • Overall program management for the Information Security Awareness Program
    • Set and achieve annual strategic goals
    • Represent the Program within and outside PhishLine
    • Meet or exceed regulatory compliance requirements for security awareness
    • Produce high-quality reporting and program documentation
  • Own and maintain the catalogue of information security threats in-scope for the Program
    • Partner with the PhishLine’s cyber security partners and other organization to determine in-scope threats
    • Decompose in-scope threats into measurable cognitive elements
    • Determine desirable human performance outcomes / metrics for each element
  • Design, propose, and execute tactical awareness campaigns based on the threat catalogue
    • Maintain execution plans for customer Programs
    • Manage scope, schedule and cost for campaigns and Program
  • Ensure closed-loop program by tailoring and executing follow-up actions based on campaigns
  • Establish, manage, and prune awareness channels such as digital communications, print media, and live events to maximize security awareness outcomes
  • Effectively manage partners, vendors, and customer resources as needed to measure and create security awareness outcomes

Required Qualifications

  • Possesses functional and industry experience;  expected to be subject area expert in specific skill set (cognitive psychology), business area or products
  • Mastery of functional knowledge in assigned area (cognitive psychology), applying skills and competencies in challenging and complex situations (information security awareness)
  • Professionally qualified or equivalent typically with 12+ years of experience, or equivalent combination of education and experience
  • Four-Year Degree in Computer Science, Computer Engineering, Management of Information Systems, Behavioral Research, Cognitive Psychology, or similar
  • Work Experience:  Minimum of 12 years between information security and applied psychology / behavior science
  • Language:  Fluent in English

Preferred Qualifications

  • Prior experience managing:  people, projects, and/or programs
  • Prior experience working in cognitive psychology or behavioral research
  • One or more industry-standard information security certifications (e.g. CISSP, CISM, etc.)

Required Key Skills

  • Analytical and critical thinking
  • Strategic planning and execution
  • Practical understanding of metrics and statistics
  • Practical experience with scientific methods / experiment design
  • Organizational skills
  • Project and program management
  • Written and verbal communication skills
  • Computer skills, with in-depth knowledge of Office (Word, Outlook, PowerPoint and Excel)
  • Interpersonal skills;  able to interact effectively throughout all levels of the Company
  • Outstanding self-motivation / initiative
  • Able to work and thrive in a fast-paced and dynamic environment
  • Able to recognize potential issues as they arise and escalate when necessary
  • Able to work independently, managing multiple tasks simultaneously to a high degree of accuracy

Desired Key Skills

  • Practical understanding of cyber security and risk management fundamentals

 

SUBMIT YOUR RESUME

 

PhishLine, LLC provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, PhishLine, LLC complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.