Lead, Cyber Training and Awareness
EQ Bank
Toronto, ON, Canada
Posted on Aug 8, 2025
Purpose of Job
The Cyber Training and Awareness Lead is responsible for leading the development and execution of comprehensive cybersecurity education programs for both employees and customers of the bank. This role plays a critical part in strengthening the organization’s overall security posture by fostering a culture of cyber awareness and responsible digital behavior.
Key responsibilities include designing and delivering engaging training content, awareness campaigns, and educational resources tailored to diverse audiences—for internal staff, contractors and external customers. The Cyber Training and Awareness Lead ensures that employees understand and adhere to security policies and best practices, while also empowering customers to protect themselves against cyber threats such as phishing, fraud, and identity theft.
This role collaborates closely with cybersecurity, Technology departments, 2nd Line of Defence (risk management), and customer experience teams to ensure that training initiatives align with the bank’s security objectives and regulatory requirements. The Cyber Training and Awareness Lead also supports the Associate Director, Insider & Data Risk Management, in shaping the strategic direction and roadmap for insider risk initiatives.
Success in this role requires strong communication skills, creativity in educational design, and the ability to translate complex security concepts into accessible and actionable guidance for all audiences.
Main Activities:
- Develop and implement cybersecurity training programs tailored for both employees and customers.
- Design and deliver engaging awareness campaigns to promote secure behaviors and reduce cyber risk.
- Collaborate with internal teams (e.g., IT, Risk, Compliance, Communications) to align training with security policies and initiatives.
- Create and maintain educational content, including e-learning modules, newsletters, videos, and phishing simulations.
- Identify and maintain an inventory of high-risk roles based on access levels, job functions, and threat exposure.
- Develop and deliver specialized training modules tailored to the unique risks faced by high-risk groups.
- Conduct targeted phishing simulations and behavioral assessments to evaluate awareness and response.
- Collaborate with HR, IT, and Risk teams to ensure onboarding and ongoing training for high-risk roles is up to date.
- Monitor and evaluate the effectiveness of training programs through metrics, feedback, and incident trends.
- Identify emerging threats and update training materials to address evolving cyber risks.
- Support incident response efforts by providing just-in-time training and awareness during or after security events.
- Engage with customer-facing teams to ensure consistent messaging and support for customer cybersecurity education.
- Contribute to the strategic planning of the Insider & Data Risk Management program by identifying gaps and proposing improvements.
- Report on program performance to leadership, highlighting successes, challenges, and opportunities for growth.
Knowledge/Skill Requirements:
- A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
- At least seven (7) years of Information Technology experience with at least five (5) years of information security experience.
- Strong understanding of cybersecurity principles, threats, and best practices.
- Familiarity with security frameworks (e.g., NIST, ISO 27001) and regulatory requirements.
- Knowledge of phishing, social engineering, and other common attack vectors.
- Experience with security awareness platforms and tools.
- Proven ability to design and deliver engaging training content for diverse audiences.
- Excellent written and verbal communication skills, with the ability to simplify complex topics.
- Experience in instructional design, adult learning principles, and e-learning development.
- Ability to tailor messaging for both internal employees and external customers.
- Technical engineering and/or automation experience and acumen is a preferred skill for this role.
- The following certifications are preferred: CISSP, CCSP, CCSK, CISM or CRISC.