Cybersecurity Human Risk Management Analyst
Location: Birmingham, AL or Atlanta, GA
Onsite 4 days a week
Job Description
At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Southern Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.
Position Overview:
Southern Company is seeking a passionate and experienced cybersecurity human risk management professional to support our Cyber Safety program with identifying security behaviors and data sources, coordinating data ingest, and executing targeted security awareness interventions that measurably reduce human-related security risks. This role bridges data strategy, platform configuration and practical interventions through training programs, phishing simulations, awareness campaigns and behavioral changes. The position partners closely with IT, risk management, compliance, human resources, and business leaders to ensure employees understand and act on their role in protecting the organization.
Qualifications:
- Bachelor’s degree in Information Systems, Cybersecurity, Risk Management, or a related field
- Minimum 6 years of experience working in cybersecurity, risk management, business analytics, requirements analysis or other related field
- Strong understanding of Cybersecurity concepts, including awareness of relevant industry trends, standard processes, and best practices in cybersecurity metrics and reporting
- Understanding of common cyber threats including phishing, social engineering and insider threats
- Experience working with security tools and understanding their data outputs (SIEM, email security, EDR, DLP, IAM, phishing platforms)
- Practical understanding of cybersecurity risk management and human risk factors
- Familiarity with security frameworks such as NIST or ISO 27001
- Experience supporting risk programs, training, or enterprise communications
- Experience with security awareness platforms, phishing simulation tools or HRM platforms preferred
- Ability to translate technical and behavioral risk into business language
- Proficiency with data analysis and visualization tools (Excel, Power BI, platform dashboards)
- Ability to analyze data, identify trends, and draw meaningful conclusions
- Understanding of security data sources, APIs and data integration concepts
- Strong analytical and problem-solving skills to interpret data and provide actionable insights
- Proactive and self-motivated approach to work, with excellent problem-solving and analytical skills
- Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
- Strong written and verbal communication and presentation skills
- Ability to effectively communicate findings and work with various stakeholders, including technical, non-technical and executive-level audiences
- Ability to work effectively at all levels of the organization, from executive committee to individual contributors
- Energy sector or critical infrastructure experience a plus
Job Responsibilities:
- Identify the top human‑driven cyber risk behaviors to track and measure based on organizational risk priorities, threat landscape and security objectives
- Design and manage programs that reduce risky behaviors and improve secure decision‑making
- Determine which data sources are needed to measure targeted behaviors (e.g., phishing platforms, email security logs, SIEM alerts, EDR events, IAM access logs, training platforms, DLP incidents)
- Work with data owners and technical teams to develop data ingestion plans, coordinate API access, define data formats and establish data refresh schedules
- Collaborate with platform teams (whether built in-house or a third-party HRM vendor) to configure data connectors, validate data flows and ensure accurate risk scoring
- Monitor data quality and completeness, troubleshoot integration issues and ensure platform risk scores accurately reflect observed security behaviors
- Analyze platform-generated risk scores and behavioral patterns to identify high-risk individuals, teams and departments requiring intervention
- Design and deploy risk-based interventions including personalized training, phishing simulations, microlearning modules and behavioral nudges
- Run simulated phishing campaigns, awareness campaigns, targeted interventions, and manager‑led change activities to improve secure behaviors and reduce risky actions
- Create and execute security awareness campaigns, internal communications and gamification initiatives to drive engagement and behavior change
- Develop scorecards and dashboards that communicate risk posture for individuals, teams and departments
- Build metrics frameworks and produce reports demonstrating program effectiveness, intervention impact and measurable risk reduction
- Support development of outcome-driven metrics (KPIs/KRIs/KCIs/ODMs/OKRs) for human risk
- Analyze results and continuously improve employee resilience to attacks
- Coordinate across security, IT, HR, compliance, and business teams to address high-risk populations and validate that platform insights align with observed behaviors
- Stay current with platform capabilities, emerging threats and best practices in security awareness and human risk management
- Identify and communicate human‑related cyber risks to leadership and stakeholders
- Support enterprise risk reporting with human risk metrics
- Draft and publish organizational communications and web content
- Document and maintain information security policies and standards aligned to risk appetite and regulatory expectations
- Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Cybersecurity and the business
- Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment
Job Requirements:
- Demonstrated ability to design and execute behavior change programs at an enterprise scale
- Experience developing and tracking outcome-driven metrics tied to human factor risk reduction
- Demonstrated ability to collect and understand business requirements and to conceive and present appropriate solutions
- Strong storytelling and content creation skills, including the ability to develop compelling awareness campaigns, videos, newsletters, and intranet content
- Ability to work independently and within diverse team environments
- Relevant certifications (Security+, SSAP, CISM, CISSP) preferred
- Occasional travel to local and regional locations in pursuit of job duties and requirements
- Must be willing and able to obtain and maintain US government security clearance
- Required to submit to a thorough background examination, including NERC CIP and Insider Threat Protection checks
- Relevant certifications and familiarity with behavioral science, psychology of security, or human factors principles as applied to cybersecurity are highly desirable
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 17559
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services