Security Awareness & Phishing Simulation Specialist (KnowBe4)

Role: Security Awareness & Phishing Simulation Specialist (KnowBe4)

Location: New York, NY 10017 (100% Onsite)

Contract

Implementation partner - *********

End Client - Investment Company

Exp - 10+

Role Overview

We are seeking a skilled Security Awareness & Phishing Simulation Specialist with hands-on experience in KnowBe4 to design, execute, and manage enterprise-wide phishing campaigns and security awareness training programs.

The role focuses on reducing human risk by improving employee security behaviour through data-driven phishing simulations, training campaigns, reporting, and continuous improvement.

Key Responsibilities

Phishing Campaign Management (KnowBe4)

• Design, configure, and execute ongoing phishing simulation campaigns using KnowBe4.
• Customize phishing templates (emails, landing pages, attachments, URLs) based on: 
• Risk profiles
• Department / region
• Threat trends
• Schedule baseline, monthly, and targeted campaigns (e.g., executives, finance, IT).
• Implement adaptive phishing and risk-based targeting.
• Tune difficulty levels over time to align with program maturity.

Security Awareness Training

• Plan and administer security awareness training campaigns using KnowBe4 modules.
• Assign training based on: 
• User role
• Risk score
• Prior phishing failures
• Manage mandatory, remedial, and role-based training.
• Track training completion, overdue users, and escalations.

Reporting, Metrics & KPIs

• Generate and analyze metrics such as: 
• Phish-prone percentage (PPP)
• Click rates, credential submission rates
• Reporting rates
• Training completion rates
• Deliver monthly and quarterly executive-ready reports.
• Provide insights and recommendations to improve user behavior.
• Maintain dashboards aligned to human risk reduction KPIs.

Integration & Automation

• Integrate KnowBe4 with: 
• Microsoft Entra ID / Azure AD
• Okta (if applicable)
• Email gateways (O365 / Exchange / Proofpoint)
• SIEM / SOAR platforms (e.g., Splunk, XSOAR – optional)
• Manage Phish Alert Button (PAB) deployment and reporting workflows.
• Support automation for user provisioning, group sync, and reporting.

Governance & Program Support

• Support policy-aligned security awareness programs (ISO 27001, SOC 2, NIST, PCI DSS).
• Assist during internal audits and client assessments.
• Coordinate with HR, IT, and Compliance teams.
• Maintain SOPs, playbooks, and campaign calendars.

Required Technical Skills

Mandatory

• Strong hands-on experience with KnowBe4, including: 
• Phishing campaigns
• Training campaigns
• Reporting & dashboards
• Good understanding of: 
• Phishing techniques (credential harvest, attachments, smishing basics)
• Email security concepts
• Experience with Microsoft 365 / Exchange Online environments.
• Strong Excel and reporting skills.

Good to Have

• Integration experience with Proofpoint, Mimecast, Defender for Office 365.
• Awareness of human risk management concepts.
• Familiarity with NIST Security Awareness Framework.
• Experience supporting global / multi-geo organizations.

Soft Skills

• Strong stakeholder communication skills.
• Ability to translate metrics into clear executive insights.
• High attention to detail and governance mindset.
• Self-driven and process-oriented.

Deliverables & KPIs

• Reduction in phish-prone percentage over time.
• Improved email reporting rate.
• On-time completion of awareness training.
• Accurate and consistent executive reporting.
• Continuous improvement recommendations.