Social Engineering Specialist
-
Pay Rate: $63.68/hour, depending on experience
-
Contract Length: 12 Months
- Location: Calgary, Alberta
Raise is currently hiring a Social Engineering Specialist on behalf of our client. They’re expanding their team to meet growing needs, making this a unique opportunity to work with an industry leader. Our Client, is one of North America's leading energy infrastructure companies with operations in natural gas, oil and power industries throughout Canada, the United States, and Mexico
Note: The primary pay rate is based on T4 classification; however, we will also consider applications from candidates interested in an INC classification, where applicable.
Description
The Social Engineering Lead in this role will be responsible for establishing and leading our clients enterprise human risk reduction capability. This role defines the strategy, operating model, and measurement of a scalable, intelligence-driven Social Engineering Program that integrates multi-channel simulation, targeted awareness, and executive-level risk insight. The role addresses rapidly evolving, AI-enabled threats by strengthening employee decision-making, reducing human-driven risk, and enabling data-driven visibility into organizational security behavior.
Responsibilities
- Program Strategy & Capability Development:
-
Establish and mature an enterprise-wide human risk reduction capability aligned to evolving threat landscapes.
-
Define and implement the Social Engineering Program strategy, operating model, and governance framework.
-
Standardize program design, execution, and measurement across Enterprise Security and supporting teams.
-
Continuously evolve program capabilities to address emerging threats, including AI-enabled and multi-channel attacks.
-
Simulation Design & Execution:
-
Lead end-to-end planning and execution of social engineering simulations across phishing, vishing, smishing, and emerging channels (e.g., deepfakes).
-
Develop realistic, role-based scenarios reflecting current attacker techniques and business-relevant risks.
-
Ensure simulations are intelligence-driven, risk-based, and aligned to organizational priorities.
-
Program Operations & Coordination:
-
Coordinate day-to-day delivery of simulation activities across tools, vendors, and internal stakeholders.
-
Ensure consistency, quality, and compliance with enterprise standards, policies, and processes.
-
Drive efficiency and scalability through standardized execution models and vendor alignment.
-
Evaluate any related incidents and ensure proper reporting and remediations are incorporated into social engineering or other relevant programs
-
Awareness & Behavior Reinforcement:
-
Integrate simulation outcomes with targeted awareness and training initiatives to drive behavior change.
-
Support development of focused interventions for high-risk user groups and behaviors.
-
Reinforce a culture of security awareness through continuous, real-world exposure to threats.
-
Metrics, Analytics & Reporting:
-
Develop and maintain standardized metrics to measure human risk, program performance, and behavioral trends.
-
Analyze simulation data (e.g., click rates, reporting behavior, response patterns) to generate actionable insights.
-
Deliver executive-level reporting and dashboards that provide clear visibility into human risk across the enterprise.
-
Improve the quality, consistency, and reliability of human risk data for decision-making.
-
Stakeholder & Cross-Functional Alignment:
-
Partner with Detection & Response, Privacy, HR, and Corporate Communications to align simulations with incident response, policy, and messaging.
-
Engage stakeholders across the organization to embed program objectives and drive adoption.
-
Provide subject matter expertise on social engineering risk to leadership and enterprise partners.
Qualifications
-
7+ years of progressive experience in cybersecurity, information security, or IT risk management.
-
3–5+ years of dedicated, hands-on experience designing, scaling, and managing enterprise-wide social engineering simulation programs (phishing, vishing, smishing).
-
2+ years of experience in a leadership, program-lead, or strategic role establishing security operating models, governance, and metrics frameworks.
-
Proven experience navigating complex, highly regulated enterprise environments (such as the energy, utility, oil and gas, or financial sectors).
Domain-Specific Experience:
-
Deep experience constructing and executing multi-channel simulation campaigns, including advanced vectors like deepfakes, AI-powered pretexting, voice/vishing, and SMS-based smishing.
-
Strong experience translating complex, technical threat intelligence into realistic, role-based simulated attacks targeting specific business units or high-risk user groups.
-
Experience managing third-party security vendors, evaluating simulation platforms, and integrating vendor solutions into internal workflows.
-
Experience partnering closely with cross-functional corporate teams such as Human Resources, Corporate Communications, Legal, Privacy, and Security Operations (SOC) to coordinate testing and remediations.
-
Experience conducting post-incident analysis on real-world social engineering attempts and incorporating lessons learned back into behavioral reinforcement programs.
Technical Skills:
-
High proficiency with enterprise-grade social engineering and phishing simulation platforms (e.g., KnowBe4, PhishMe/Cofense, Proofpoint, or open-source frameworks like GoPhish).
-
Deep understanding of administrative, technical, and physical social engineering vectors, psychological triggers (authority, urgency, scarcity), and defensive controls.
-
Solid grasp of evolving AI-enabled threat landscapes, including generative AI tools used for deepfakes, voice cloning, and hyper-personalized spear-phishing.
-
Analytical proficiency in data manipulation and visualization tools (e.g., Power BI, Excel, Tableau) to analyze click rates, reporting metrics, and user behavior trends.
-
Familiarity with email security protocols (DKIM, SPF, DMARC), mail routing, and whitelisting mechanics to ensure simulation deliverability.
Professional & Soft Skills:
-
Excellent executive-level communication and presentation skills, with the ability to translate complex, human-centric security risks into clear business impacts for senior leadership.
-
High emotional intelligence and diplomatic communication skills to successfully navigate organizational changes and champion a positive, blame-free security culture.
-
Strong project management and organization skills to manage day-to-day program logistics, timelines, and cross-functional dependencies.
-
Strategic thinking to design a long-term roadmap for human risk reduction that aligns with TC Energy’s corporate safety and security goals.
Education & Certifications (Preferred):
-
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Psychology, Behavioral Science, or a related field.
-
Professional security designations such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control).
-
Specialized credentials like SANS GIAC Security Awareness Professional (SSAP), Certified Ethical Hacker (CEH), or specialized social engineering certifications (e.g., APSE, SEPP) are highly valued.
Looking for meaningful work? We can help!
Raise is an established hiring firm with over 65 years of experience. We believe strongly in making the world a better place through work, which is why we’re a certified B Corporation and donate 10% of our profits to charity.
We strive to build teams that reflect the diversity of the communities we work in. We encourage all qualified applicants to apply, including people from traditionally underrepresented groups such as women, visible minorities, Indigenous peoples, people identifying as LGBTQ2SI, veterans, and people with visible/nonvisible disabilities.
We have a dedicated webpage for accommodations where you can learn more about what we offer and request accommodation: https://raise.jobs/accommodations/
In order to submit candidates for roles, our clients will sometimes require personal information to confirm the identity of applicants and their legal status to work. Raise will never ask you for personal or banking information unless you have been selected for a job. If you are ever unsure about the legitimacy of this or any other Raise job posting (or have any other questions), please contact us at +1 800-567-9675 or [email protected].
#WES
#LI-SC1