Social Engineering Specialist
NES Fircroft
NES Fircroft is a leading global technical recruitment company providing professional contract and permanent staff to a diverse worldwide client base within the oil & gas industry.
Job Title: Social Engineering Specialist
Location: Calgary, AB
Length: 1 Year (with potential extension)
Rotation: Monday - Friday
Role Summary
The Social Engineering Lead is responsible for establishing and leading the company's enterprise human risk reduction capability. This role defines the strategy, operating model, and measurement of a scalable, intelligence-driven Social Engineering Program that integrates multi-channel simulation, targeted awareness, and executive-level risk insight.
The role addresses rapidly evolving, AI-enabled threats by strengthening employee decision-making, reducing human-driven risk, and enabling data-driven visibility into organizational security behavior.
Key Responsibilities
Program Strategy & Capability Development
- Establish and mature an enterprise-wide human risk reduction capability aligned to evolving threat landscapes.
- Define and implement the Social Engineering Program strategy, operating model, and governance framework.
- Standardize program design, execution, and measurement across Enterprise Security and supporting teams.
- Continuously evolve program capabilities to address emerging threats, including AI-enabled and multi-channel attacks.
Simulation Design & Execution
- Lead end-to-end planning and execution of social engineering simulations across phishing, vishing, smishing, and emerging channels (e.g., deepfakes).
- Develop realistic, role-based scenarios reflecting current attacker techniques and business-relevant risks.
- Ensure simulations are intelligence-driven, risk-based, and aligned to organizational priorities.
Program Operations
- Coordinate day-to-day delivery of simulation activities across tools, vendors, and internal stakeholders.
- Ensure consistency, quality, and compliance with enterprise standards, policies, and processes.
- Drive efficiency and scalability through standardized execution models and vendor alignment.
- Evaluate related incidents and ensure reporting, lessons learned, and remediation activities are incorporated into the Social Engineering Program and other relevant security initiatives.
Awareness & Behaviour Reinforcement
- Integrate simulation outcomes with targeted awareness and training initiatives to drive measurable behaviour change.
- Support development of focused interventions for high-risk user groups and behaviours.
- Reinforce a culture of security awareness through continuous, real-world exposure to emerging threats.
Metrics, Analytics & Reporting
- Develop and maintain standardized metrics to measure human risk, program performance, and behavioural trends.
- Analyze simulation data (e.g., click rates, reporting behaviour, response patterns) to generate actionable insights.
- Deliver executive-level reporting and dashboards that provide clear visibility into human risk across the enterprise.
- Improve the quality, consistency, and reliability of human risk data to support informed decision-making.
Stakeholder & Cross-Functional Alignment
- Partner with Detection & Response, Privacy, Human Resources, and Corporate Communications to align simulations with incident response plans, policies, and organizational messaging.
- Engage stakeholders across the enterprise to embed program objectives and drive adoption.
- Provide subject matter expertise on social engineering risks and mitigation strategies to leadership and enterprise partners.
Role Scope
- Leads the development and maturity of TC Energy's enterprise Social Engineering Program.
- Ensures alignment with cybersecurity strategy, governance requirements, and industry best practices.
- Provides expert guidance on evolving social engineering threats, including AI-enabled attacks and emerging attack vectors.
- Influences leadership decision-making through risk-based insights, analytics, and executive reporting.
- Drives behavioural risk reduction initiatives that strengthen the organization's overall security posture.
Qualifications
- Strong experience in social engineering, security awareness, cybersecurity, or risk management.
- Proven ability to design, implement, and scale enterprise security programs and operating models.
- Strong analytical skills with the ability to interpret behavioural data and translate insights into actionable recommendations.
- Excellent communication skills, including the ability to distill complex security threats into clear executive-level messaging.
- Experience collaborating across multiple stakeholder groups in a complex, fast-paced environment.
- Knowledge of phishing, vishing, smishing, social engineering assessment methodologies, and human risk management principles.
- Experience with security awareness platforms, phishing simulation tools, and reporting dashboards is considered an asset.
Working Conditions
- Office-based or hybrid work environment.
- Occasional travel may be required to support stakeholder engagement, workshops, or enterprise initiatives.
- May be required to support activities outside regular business hours during security incidents or program deployments.
Apply here or send your resume to ***email_hidden***