CYBER SECURITY ANALYST- (REMOTE- NATIONWIDE)

Job Summary

The Cyber Security Analyst is a key contributor in the Cybersecurity organization, primarily responsible for designing, administering, and continuously improving Compass Group North America’s phishing simulation and security awareness program. This role focuses on reducing organizational risk from email borne threats—such as phishing, business email compromise (BEC), malware delivery, and credential harvesting—by shaping user behavior through realistic simulations, targeted education, and measurable outcomes. 

In addition to leading phishing simulation and awareness initiatives, the cyber security analyst provides support for email security alerting and response, including analysis of reported phishing messages and collaboration with Cybersecurity Administration and Incident Response teams when real-world threats are identified. The ideal candidate is detail oriented, metrics driven, and comfortable blending user communication and technical analysis to strengthen Compass’s human layer defenses. 

Job Responsibilities

• Administer the enterprise phishing simulation program, including campaign planning, user segmentation, scheduling, templates, landing pages, and reporting, ensuring simulations reflect current threat trends and business relevant scenarios. 
• Design and deliver targeted security awareness and training materials, such as microlearning's, job aids, tip sheets, and role or behavior based interventions informed by simulation results and observed attack patterns. 
• Analyze phishing simulation and awareness metrics, including susceptibility rates, reporting rates, repeat clickers, and false positives, and translate results into actionable insights and recommendations for technical and business stakeholders. 
• Continuously mature the phishing and awareness program, introducing new attack techniques (e.g., QR phishing, OAuth consent phishing, BEC scenarios) and adjusting cadence, difficulty, and messaging to align with organizational risk priorities. 
• Partner with Cybersecurity leadership, HR, and Compliance to align phishing simulations and awareness initiatives with policy requirements, training expectations, and broader culture of security objectives. 
• Serve as a subject matter resource for phishing related education, providing guidance to stakeholders on emerging social engineering trends and prevention strategies. 
• Monitor email security posture and phishing activity to identify trends and insights that inform awareness content and simulation design. 
• Coordinate with Incident Response and other cyber teams on confirmed incidents, ensuring lessons learned are fed back into simulations and training content to prevent recurrence. 

Program and Operational Support

• Generate regular metrics for reporting and dashboards covering phishing simulation performance, awareness effectiveness, email threat trends, and communicate results clearly to both technical and nontechnical audiences. 
• Support tuning and optimization of phishing defense and email security tooling where improvements directly enhance reporting accuracy, user experience, or simulation fidelity. 
• Document simulations, investigations, and program changes to ensure repeatability, auditability, and continuous improvement. 

Qualifications & Experience

• 3+ years of experience in cybersecurity, security awareness, phishing defense, or a closely related discipline, with hands-on experience supporting phishing simulations and/or user education initiatives. 
• Practical experience with phishing simulation and email security platforms, ideally including KnowBe4, Abnormal, and/or Proofpoint (or comparable enterprise solutions). 
• Strong understanding of phishing and social engineering techniques, attacker tradecraft, and how human behavior influences organizational security risk. 
• Working knowledge of email security fundamentals (message anatomy, headers, URLs, attachments, sender reputation) sufficient to support investigations and accurate training content. 
• Demonstrated ability to analyze metrics and trends and translate technical data into clear, actionable awareness messaging. 
  Strong written and verbal communication skills, with the ability to engage effectively with technical teams and end users. 
  Experience working with documentation, metrics, and repeatable processes to support program maturity and operational consistency.