• Information Security Awareness & Training Lead

    Rush University Medical Center (Chicago, IL)


    Job Description

    Business Unit: Rush Medical Center

     

    Hospital: Rush University Medical Center

    Department: Digital & Information Services

    **Work Type:** Full Time (Total FTE between 0.9 and 1.0)

    **Shift:** Shift 1

    **Work Schedule:** 8 Hr (8:00:00 AM - 5:00:00 PM)

     

    Rush offers exceptional rewards and benefits learn more at our Rush benefits page (https://www.rush.edu/rush-careers/employee-benefits).

     

    **Pay Range:** $50.68 - $75.51 per hour

     

    Rush salaries are determined by many factors including, but not limited to, education, job-related experience and skills, as well as internal equity and industry specific market data. The pay range for each role reflects Rush’s anticipated wage or salary reasonably expected to be offered for the position. Offers may vary depending on the circumstances of each case.

    Summary:

    At **Rush University Medical Center** , we believe cybersecurity starts with people. We’re seeking a **Cybersecurity Awareness and Training Lead** who is passionate about empowering others to protect our organization, patients, and community.

     

    In this influential role, you will design and lead engaging cybersecurity education programs that foster a culture of security across our clinical, corporate, and academic environments. Partnering with IT, Compliance, HR, and business leaders, you’ll create innovative training campaigns, lead phishing simulations, and communicate key security concepts in ways that resonate with every audience.

     

    You’ll combine your creativity, technical expertise, and leadership skills to turn complex cybersecurity concepts into actionable learning experiences — helping every employee become a stronger link in our defense.

     

    If you’re motivated by the challenge of inspiring secure behaviors, shaping organizational culture, and advancing cybersecurity awareness at scale, this is your opportunity to make a lasting impact.

    Responsibilities:

    + Design, implement, and manage comprehensive cybersecurity awareness and training programs across the organization.

    + Develop engaging training content, including presentations, e-learning modules, newsletters, posters, and multimedia campaigns.

    + Conduct phishing simulations and other behavioral exercises to measure awareness levels and improve employee readiness.

    + Collaborate with IT, Compliance, HR, and business unit leaders to integrate cybersecurity awareness into onboarding, annual training, and role-specific programs.

    + Track, analyze, and report program effectiveness metrics, providing recommendations for improvement to the Deputy BISO and senior leadership.

    + Ensure training programs comply with applicable regulations, including HIPAA, HITECH, SOX, and other industry requirements.

    + Support internal and external audits by maintaining accurate records of training activities and compliance evidence.

    + Prepare executive-ready reports and presentations that communicate training outcomes, risks, and recommendations to leadership.

    + Promote cybersecurity culture by serving as a visible advocate for awareness initiatives and employee engagement.

    Job Requirements

    + Bachelor’s degree in Cybersecurity, Information Technology, Education, Communications, or a related field.

    + 3–5 years of experience in cybersecurity awareness, training, or program management.

    + Strong knowledge of cybersecurity frameworks and standards (NIST CSF, CIS Controls, ISO/IEC 27001).

    + Familiarity with regulatory requirements relevant to healthcare and corporate environments (HIPAA, HITECH, SOX).

    + Proven ability to create clear, compelling reports and presentations tailored for executive leadership.

    + Strong technical knowledge and expertise with productivity and design tools, including Microsoft Office Suite, Learning Management Systems (LMS), Canva, and other emerging platforms.

    + Demonstrated ability to develop and deliver engaging content for diverse audiences.

    + Experience with Learning Management Systems (LMS), phishing simulation platforms, and training analytics tools.

    + Excellent communication, presentation, and interpersonal skills.

    + Professional certifications such as SACP, CompTIA Security+, CISA, CISM, or equivalent preferred.

    Key Competencies

    + Ability to translate complex technical concepts into clear, engaging messages.

    + Strong organizational and project management skills with attention to detail.

    + Collaborative and adaptable, with the ability to work across multiple business units.

    + Results-oriented with a focus on continuous improvement and measurable impact.

     

    Rush is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, and other legally protected characteristics.

     

    **Position** Information Security Awareness & Training Lead

    **Location** US:IL:Chicago

    **Req ID** 22627