Share this Job

Security Awareness Lead

Date: Sep 25, 2022

Location: Atlanta, GA, US, 30308

Company: Norfolk Southern Corp.

#LI-JK1 #LI-Hybrid


Job Description

Instill a security minded culture at Norfolk Southern by implementing and maintaining the Security Awareness Program. The goal of the security awareness program is to manage information security risk by ensuring that all users understand NS security policies and best practices when working with NS data and information systems. To that end, the Security Awareness Lead will partner with Information Security and cross functional teams to increase security awareness by developing and delivering innovative strategies, methodologies, technologies, communications, campaigns, and curriculums. As part of this role, The Security Awareness lead will manage the Security Awareness training platform, phishing campaigns, coordinate year-round cybersecurity events, maintain security awareness internal website, draft targeted security communications regularly and deliver insightful training and materials. This is an exciting and unique opportunity with high visibility for the entire company.

Principal Duties:

  • Manage, enhance, and execute the NS Security Awareness Program to continue maturing the program (repeatable processes, metrics etc.), change not only behaviors but culture and ensure it meets all industry regulations, standards, and compliance requirements
  • Manage and execute the phishing program by deploying simulations via the Security Awareness Platform while maturing the overall program to ensure associates stay ahead of email threats 
  • Collaborate with cross-functional teams to design, produce, and deliver compelling and innovative awareness campaigns to drive adoption of security behaviors for all end users and targeted audiences.
  • Create, maintain and publish marketing and promotional material (presentations, videos, websites, and instructional content) in support of the Security Awareness Program communication strategy to educate employees on security alerts, standards & Policies updates, security best practices and privacy issues 
  • Organize year-round awareness events such as tech talks, lunch and learns, panels discussions to support the development of a secure culture
  • Research emerging security risks and trends (social engineering attacks, new phishing methods, malware attacks) and provide recommendations 
  • Develop performance metrics to measure progress and report to management.

Required Skills:

  • Creative thinking and understanding of audience to produce engaging materials in a variety of formats and media, including storyboards, user guides, and gamification elements
  • An understanding of relationship between human behavior and security 
  • Strong self-motivation, self-management, and time management skills, with the ability to work under pressure, prioritize work, meet targets and intensify when appropriate
  • Excellent communication and interpersonal skills (written and verbal) with the ability to communicate with all levels within the organization, including both technical and non-technical personnel
  • Proven ability to lead with innovative ideas and an “out-of-the-box” thinker with the passion to learn and adapt
  • Understand and use of basic project management methodologies, including the ability to plan, manage and maintain a complex, organization wide program over the longer term
  • Excellent relationship-building and influencing skills in all mediums and throughout all levels of the organization
  • Experience with deploying enterprise wide trainings through learning management systems 
  • Experience with ProofPoint
Preferred Skils
  • ​​​Excellent creative and visual skills including graphic, web, print and slide design.
  • Familiarity with design programs (InDesign, Illustrator, Photoshop) is also a plus.

Job Related Experience:

Preferred Level:2+ years of professional Information/Cyber Security Awareness Experience or relevant work experience in one or more of the following fields: security or privacy education/training, information security, risk management, corporate communications, psychology, marketing or another related field.


Preferred Level: Bachelor’s Degree (BS)

Preferred Majors: Computer Science or Information Systems, Specialization in Information Security/Assurance is a plus


  •  CISSP, CISA, SSAP (SANS Security Awareness Professional), PMP, or other industry certifications will be considered a plus.

Company Overview

Norfolk Southern Corporation (NYSE: NSC) is a Fortune 300 organization and one of the nation’s premier transportation companies. Its Norfolk Southern Railway Company subsidiary operates approximately 19,500 route miles in 22 states and the District of Columbia, serves every major container port in the eastern United States, and provides efficient connections to other rail carriers. Norfolk Southern is a major transporter of industrial products, including chemicals, agriculture, and metals and construction materials. In addition, the railroad operates the most extensive intermodal network in the East and is a principal carrier of coal, automobiles, and automotive parts.


At Norfolk Southern, we believe in celebrating our individuality. By leveraging the unique backgrounds and viewpoints of our employees, we can create a culture of innovation, respect, and inclusion. We know that employees thrive in a workplace where differing viewpoints, ideas, and experiences are freely shared and valued. As such, we encourage all employees to contribute their distinctive skills and capabilities to our organization.


Equal employment opportunities are available to all applicants regardless of race, color, religion, age, sex, national origin, disability status, genetic information, veteran status, sexual orientation, and gender identity. Together, we power progress.



Nearest Major Market: Atlanta