Job Specifications
About Ping Identity:
At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.
Our intelligent, cloud identity platform lets people shop, work, bank, and interact wherever and however they want. Without friction. Without fear.
While protecting digital identities is at the core of our technology, protecting individual identities is at the core of our culture. We champion every identity. One of our core values, Respect Individuality, reminds us to celebrate differences so you are empowered to bring your authentic self to work.
We're headquartered in Denver, Colorado and we have offices and employees around the globe. We serve the largest, most demanding enterprises worldwide, including more than half of the Fortune 100. At Ping Identity, we're changing the way people and businesses think about cybersecurity, digital experiences, and identity and access management.
We are hiring a Security Awareness & Culture Manager to own and mature our global security awareness programme. You will be responsible for the full lifecycle of security awareness and training at Ping Identity – from annual mandatory training and targeted campaigns, through to phishing simulations, security briefings, internal communications, and external awareness initiatives.
Reporting into the Information Security organisation, you will work closely with Enterprise Security, Privacy, People Team, Corporate Communications and Marketing to drive measurable improvements in security and risk awareness across the company.
This is a full‑time, remote role based in the UK.
What You’ll Do
You will:
Own and evolve Ping Identity’s global security awareness and training programme, aligning it with our security policies, standards, and compliance obligations.
Design, deliver and continuously improve annual mandatory security and privacy training for all employees and contractors, including onboarding and refresher content.
Plan and run targeted, ad‑hoc training and awareness campaigns (e.g. data handling, secure engineering, AI usage, vendor risk, incident reporting) for specific audiences and risk areas.
Lead our phishing simulation programme – including campaign design, execution, measurement and follow‑up coaching – to improve phishing resilience and reporting behaviours.
Develop and deliver security briefings for leadership, business units and project teams, translating technical risk into clear, business‑relevant narratives.
Create and manage security communications across channels (email, intranet, Slack/Teams, town halls, videos, newsletters, micro‑learning), ensuring consistent tone and messaging.
Build and run risk and security awareness programmes for key stakeholder groups (e.g. engineers, product teams, GTM, HR, Finance, executives), tailored to their roles and risk profile.
Partner with Corporate Communications and Marketing on external awareness and education campaigns, including thought leadership, awareness months/weeks, and customer‑facing content where appropriate.
Define and track key performance indicators (e.g. training completion, phishing susceptibility and reporting rates, survey results, behavioural metrics) and use data to drive continuous improvement.
Maintain an up‑to‑date calendar of awareness activities aligned to our threat landscape, audit/compliance timelines, and business priorities.
Ensure all content reflects best practice in adult learning and behaviour change, and is accessible, engaging and inclusive for a global workforce.
Vendor‑manage any external awareness, e‑learning or phishing providers, ensuring commercial, security and privacy requirements are met.
What We’re Looking For
You have:
3+ years’ experience in a dedicated security awareness, security education, security communications, or closely related role, ideally within a SaaS or technology‑driven organisation.
Proven experience owning or significantly contributing to a company‑wide security awareness and training programme, including annual mandatory training and ongoing campaigns.
Hands‑on experience designing and running phishing simulation programmes and using the results to influence behaviour and reduce risk.
Strong skills in storytelling and communication – able to turn complex security and risk concepts into clear, compelling messages for non‑technical audiences.
Experience developing multi‑channel content (presentations, e‑learning modules, videos, job aids, intranet pages, newsletters, etc.) with a focus on engagement and behaviour change.
Familiarity with relevant frameworks and standards for training and awareness (e.g. ISO 27001 / ISO 27002 awareness controls, NIST 800‑50) and how they apply in practice.
Comfortable partnering with senior stakeholders a