Cybersecurity Awareness Program Manager

Career Guide

A Cybersecurity Awareness Program Manager builds and runs organization-wide education that helps employees avoid security risks, follow policies, and respond correctly to threats. The role blends communication, behavior change, and security fundamentals to reduce human-related security incidents.

Key Responsibilities

Design and run an annual security awareness strategy and calendar
Create role-based training for groups such as new hires, executives, and high-risk teams
Deliver engaging communications across email, intranet, chat, and live sessions
Run phishing simulations and track improvement over time
Partner with security teams to translate real risks into practical guidance
Maintain training records for audits and compliance requirements
Measure program effectiveness using clear metrics and reporting
Manage vendors and training platforms, including content updates and licensing
Coordinate incident reporting education and safe escalation paths
Continuously improve content based on feedback, incidents, and new threats

Top Skills for Success

Written Communication

Presentation Skills

Stakeholder Management

Project Management

Change Management

Behavior Change Design

Instructional Design

Security Awareness Campaign Strategy

Phishing Simulation Management

Data Analysis

Metric Definition

Security Risk Basics

Policy Communication

Compliance Alignment

Career Progression

Can Lead To

Security Awareness Lead

Governance Risk and Compliance Manager

Security Program Manager

Security Operations Program Manager

Risk Manager

Transition Opportunities

Security Culture Manager

Identity and Access Management Program Manager

Third Party Risk Manager

Privacy Program Manager

Security Training Consultant

Common Skill Gaps

Often Missing Skills

Executive CommunicationTraining Impact MeasurementBehavior Change DesignInstructional DesignVendor ManagementThreat Awareness TranslationCompliance Alignment

Development SuggestionsBuild a simple measurement model that tracks completion, reporting rates, click rates, and repeat offenders. Collect a small set of real examples from incidents and translate them into short, practical guidance. Create a repeatable campaign template that includes audience, message, channel, and success metric.

Salary & Demand

Median Salary Range

Entry LevelUS$85,000 to US$110,000

Mid LevelUS$110,000 to US$145,000

Senior LevelUS$145,000 to US$190,000

Growth Trend

Strong demand. Hiring is supported by increased regulatory pressure, higher phishing and social engineering activity, and broader security training expectations across industries.

Companies Hiring

Major Employers

DeloitteAccentureIBMMicrosoftAmazonGoogleJPMorgan ChaseBank of AmericaWells FargoUnitedHealth GroupCVS HealthKaiser PermanenteWalmartTargetAT&T

Industry Sectors

Financial ServicesHealthcareTechnologyRetailTelecommunicationsGovernmentEducationEnergyManufacturing

Recommended Next Steps

Create a 90 day plan that includes quick wins, baseline metrics, and a training calendar

Build a phishing simulation plan with clear rules, follow-up coaching, and reporting goals

Develop a role-based training map for high-risk groups such as finance and executives

Assemble a metrics dashboard with trend lines and plain-language insights

Collect employee feedback and use it to improve content clarity and relevance

Document program processes for audits, including training evidence and exceptions

Strengthen partnerships with human resources, internal communications, and IT support