Social Engineering Specialist

NES Fircroft

NES Fircroft is a leading global technical recruitment company providing professional contract and permanent staff to a diverse worldwide client base within the oil & gas industry.

Job Title: Social Engineering Specialist

Location: Calgary, AB

Length: 1 Year (with potential extension)

Rotation: Monday - Friday

Role Summary

The Social Engineering Lead is responsible for establishing and leading the company's enterprise human risk reduction capability. This role defines the strategy, operating model, and measurement of a scalable, intelligence-driven Social Engineering Program that integrates multi-channel simulation, targeted awareness, and executive-level risk insight.

The role addresses rapidly evolving, AI-enabled threats by strengthening employee decision-making, reducing human-driven risk, and enabling data-driven visibility into organizational security behavior.

Key Responsibilities

Program Strategy & Capability Development

  • Establish and mature an enterprise-wide human risk reduction capability aligned to evolving threat landscapes.
  • Define and implement the Social Engineering Program strategy, operating model, and governance framework.
  • Standardize program design, execution, and measurement across Enterprise Security and supporting teams.
  • Continuously evolve program capabilities to address emerging threats, including AI-enabled and multi-channel attacks.

Simulation Design & Execution

  • Lead end-to-end planning and execution of social engineering simulations across phishing, vishing, smishing, and emerging channels (e.g., deepfakes).
  • Develop realistic, role-based scenarios reflecting current attacker techniques and business-relevant risks.
  • Ensure simulations are intelligence-driven, risk-based, and aligned to organizational priorities.

Program Operations

  • Coordinate day-to-day delivery of simulation activities across tools, vendors, and internal stakeholders.
  • Ensure consistency, quality, and compliance with enterprise standards, policies, and processes.
  • Drive efficiency and scalability through standardized execution models and vendor alignment.
  • Evaluate related incidents and ensure reporting, lessons learned, and remediation activities are incorporated into the Social Engineering Program and other relevant security initiatives.

Awareness & Behaviour Reinforcement

  • Integrate simulation outcomes with targeted awareness and training initiatives to drive measurable behaviour change.
  • Support development of focused interventions for high-risk user groups and behaviours.
  • Reinforce a culture of security awareness through continuous, real-world exposure to emerging threats.

Metrics, Analytics & Reporting

  • Develop and maintain standardized metrics to measure human risk, program performance, and behavioural trends.
  • Analyze simulation data (e.g., click rates, reporting behaviour, response patterns) to generate actionable insights.
  • Deliver executive-level reporting and dashboards that provide clear visibility into human risk across the enterprise.
  • Improve the quality, consistency, and reliability of human risk data to support informed decision-making.

Stakeholder & Cross-Functional Alignment

  • Partner with Detection & Response, Privacy, Human Resources, and Corporate Communications to align simulations with incident response plans, policies, and organizational messaging.
  • Engage stakeholders across the enterprise to embed program objectives and drive adoption.
  • Provide subject matter expertise on social engineering risks and mitigation strategies to leadership and enterprise partners.

Role Scope

  • Leads the development and maturity of TC Energy's enterprise Social Engineering Program.
  • Ensures alignment with cybersecurity strategy, governance requirements, and industry best practices.
  • Provides expert guidance on evolving social engineering threats, including AI-enabled attacks and emerging attack vectors.
  • Influences leadership decision-making through risk-based insights, analytics, and executive reporting.
  • Drives behavioural risk reduction initiatives that strengthen the organization's overall security posture.

Qualifications

  • Strong experience in social engineering, security awareness, cybersecurity, or risk management.
  • Proven ability to design, implement, and scale enterprise security programs and operating models.
  • Strong analytical skills with the ability to interpret behavioural data and translate insights into actionable recommendations.
  • Excellent communication skills, including the ability to distill complex security threats into clear executive-level messaging.
  • Experience collaborating across multiple stakeholder groups in a complex, fast-paced environment.
  • Knowledge of phishing, vishing, smishing, social engineering assessment methodologies, and human risk management principles.
  • Experience with security awareness platforms, phishing simulation tools, and reporting dashboards is considered an asset.

Working Conditions

  • Office-based or hybrid work environment.
  • Occasional travel may be required to support stakeholder engagement, workshops, or enterprise initiatives.
  • May be required to support activities outside regular business hours during security incidents or program deployments.

Apply here or send your resume to ***email_hidden***