Cybersecurity Human Risk Management Analyst

Cybersecurity Human Risk Management Analyst

Location: Birmingham, AL or Atlanta, GA

Onsite 4 days a week

Job Description

At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Southern Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.

Position Overview:

Southern Company is seeking a passionate and experienced cybersecurity human risk management professional to support our Cyber Safety program with identifying security behaviors and data sources, coordinating data ingest, and executing targeted security awareness interventions that measurably reduce human-related security risks. This role bridges data strategy, platform configuration and practical interventions through training programs, phishing simulations, awareness campaigns and behavioral changes. The position partners closely with IT, risk management, compliance, human resources, and business leaders to ensure employees understand and act on their role in protecting the organization.

Qualifications:

• Bachelor’s degree in Information Systems, Cybersecurity, Risk Management, or a related field
• Minimum 6 years of experience working in cybersecurity, risk management, business analytics, requirements analysis or other related field
• Strong understanding of Cybersecurity concepts, including awareness of relevant industry trends, standard processes, and best practices in cybersecurity metrics and reporting
• Understanding of common cyber threats including phishing, social engineering and insider threats
• Experience working with security tools and understanding their data outputs (SIEM, email security, EDR, DLP, IAM, phishing platforms)
• Practical understanding of cybersecurity risk management and human risk factors
• Familiarity with security frameworks such as NIST or ISO 27001
• Experience supporting risk programs, training, or enterprise communications
• Experience with security awareness platforms, phishing simulation tools or HRM platforms preferred
• Ability to translate technical and behavioral risk into business language
• Proficiency with data analysis and visualization tools (Excel, Power BI, platform dashboards)
• Ability to analyze data, identify trends, and draw meaningful conclusions
• Understanding of security data sources, APIs and data integration concepts
• Strong analytical and problem-solving skills to interpret data and provide actionable insights
• Proactive and self-motivated approach to work, with excellent problem-solving and analytical skills
• Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
• Strong written and verbal communication and presentation skills
• Ability to effectively communicate findings and work with various stakeholders, including technical, non-technical and executive-level audiences
• Ability to work effectively at all levels of the organization, from executive committee to individual contributors
• Energy sector or critical infrastructure experience a plus

Job Responsibilities:

• Identify top human‑driven cyber risks behaviors to track and measure based on organizational risk priorities, threat landscape and security objectives
• Design and manage programs that reduce risky behaviors and improve secure decision‑making
• Determine which data sources are needed to measure targeted behaviors (e.g., phishing platforms, email security logs, SIEM alerts, EDR events, IAM access logs, training platforms, DLP incidents)
• Work with data owners and technical teams to develop data ingestion plans, coordinate API access, define data formats and establish data refresh schedules
• Collaborate with platform teams (whether built in-house or a third-party HRM vendor) to configure data connectors, validate data flows and ensure accurate risk scoring
• Monitor data quality and completeness, troubleshoot integration issues and ensure platform risk scores accurately reflect observed security behaviors
• Analyze platform-generated risk scores and behavioral patterns to identify high-risk individuals, teams and departments requiring intervention
• Design and deploy risk-based interventions including personalized training, phishing simulations, microlearning modules and behavioral nudges
• Run simulated phishing campaigns, awareness campaigns, and targeted interventions and manager‑led change activities to improve secure behaviors and reduce risky actions
• Create and execute security awareness campaigns, internal communications and gamification initiatives to drive engagement and behavior c