Sr. Cybersecurity Analyst, Security Awareness & Employee Engagement

Rivian is on a mission to keep the world adventurous forever. This goes for the emissions-free Electric Adventure Vehicles we build, and the curious, courageous souls we seek to attract.

As a company, we constantly challenge what's possible, never simply accepting what has always been done. We reframe old problems, seek new solutions and operate comfortably in areas that are unknown. Our backgrounds are diverse, but our team shares a love of the outdoors and a desire to protect it for future generations.

Working in an agile environment, the Senior Cybersecurity Analyst (Security Awareness and Employee Engagement) will design and drive Rivian's global, behavior-focused security awareness program and engagement strategy to reduce human risk and strengthen our culture of security. This role will report to the Senior Director of Cybersecurity in the Rivian Enterprise Cybersecurity organization and will partner closely across Cybersecurity, IT, People Team,
Communications, Legal/Privacy, and business operations. The ideal candidate brings a blend of security domain knowledge, behavior change expertise, crisp storytelling, and data-driven program management to deliver measurable risk reduction and an employee experience people love. The location of this role is flexible, and will report to our Sr. Director, Cybersecurity.

• Serve as the program lead for Rivian's security awareness and employee engagement strategy, defining the annual plan, editorial calendar, and outcomes that drive measurable behavior change.
• Design and deliver engaging, multi-channel campaigns (e.g., Cybersecurity Awareness Month), sustained microlearning, and just-in-time guidance aligned to top human risks and business priorities.
• Develop high-quality content and experiences across formats and channels, including e- learning, micro-modules, short-form video, live sessions, infographics, intranet content, Slack/Email, and site/poster assets.
• Customize education and messages for distinct audiences (manufacturing, service centers, corporate, engineering, executives) and roles based on risk profiles and workflows.
• Develop cybersecurity communications for employee engagement and awareness and partner with the Enterprise Communications teams to distribute communications through various channels.
• Partner with People Team/Learning to manage mandatory training cycles, role-based learning paths, and compliance-ready tracking aligned to applicable standards and regulations (e.g., NIST CSF, ISO 27001, OWASP, HIPAA, TISAX).
• Establish and manage a global Security Champions/Cybersecurity Drivers network; equip champions with toolkits, office hours, and recognition that amplifies local impact. In addition, manage the Cybersecurity Drivers Slack channel.
• Define and report KPIs/KRIs that matter (e.g., completion and pass rates, report rates, behavior adoption, risk reduction indicators, sentiment); provides visual displays of insights.
• Localize content and experiences for global audiences, account for cultural nuances, accessibility, and inclusive design. Model best-in-class project and change management practices, track milestones, identify awareness and engagement risks and dependencies across multiple concurrent initiatives.
• Provide valuable delivery insights derived from multiple sources and communicate metrics which teams can use to drive continuous improvement.
• Communicate expectations and carefully track progress to ensure standards are met at a systematic level; follows up to keep work on track.
• Stay updated on industry trends and best practices in risk and controls and proactively recommend improvements to the Cybersecurity Risk Management Program.
• Seek to understand different perspectives to resolve conflict.

• 5+ years leading or significantly contributing to security awareness, internal communications, behavior change, or learning programs in a global, cross-functional environment.
• BA/BS in Communications, Instructional Design, Information Security, or a related field, or equivalent practical experience.
• Certifications such as SANS Security Awareness Professional (SSAP) or Certified Security Awareness Practitioner (CSAP) are preferred; CISSP, CISM, Change Management, or PMP are a plus.
• Proven ability to craft clear, compelling narratives and educational materials across formats (presentations, videos, e-learning, written communications)
• Demonstrated behavior change mindset, applying human-centered design, nudge techniques, and experimentation to drive measurable outcomes
• Integrate the use of approved AI platforms to accelerate content development, localization, and analytics while adhering to Rivian's security and privacy requirements.
• Data-driven with experience defining metrics, building dashboards (e.g., PowerBI/Tableau), and using analytics to assess and iterate on program performance.
• Hands-on experience with LMS and authoring tools (e.g., Articulate/Captivate), phishing simulation platforms, and collaboration channels (e.g., Google Workspace, Slack, intranet)
• Strong stakeholder management, and consulting skills; able to influence across levels and functions and resolve competing priorities
• Excellent verbal and written communication skills; comfortable speaking both technically and non-technically as appropriate
• Critical thinking and creative problem-solving skills
• Able to triage multiple initiatives to address the right problems at the right time
• Excellent interpersonal and team building skills

Salary Range (California Applicants): $132,100 - 175,000 (actual compensation will be determined based on experience, location, and other factors permitted by law).

Benefits Summary: Rivian provides robust medical/Rx, dental and vision insurance packages for full-time employees, their spouse or domestic partner, and children up to age 26. Coverage is effective on the first day of employment, and Rivian covers most of the premiums.

Rivian is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, ancestry, sex, sexual orientation, gender, gender expression, gender identity, genetic information or characteristics, physical or mental disability, marital/domestic partner status, age, military/veteran status, medical condition, or any other characteristic protected by law.

Rivian is committed to ensuring that our hiring process is accessible for persons with disabilities. If you have a disability or limitation, such as those covered by the Americans with Disabilities Act, that requires accommodations to assist you in the search and application process, please email us at candidateaccommodations@rivian.com.

Rivian may collect, use and disclose your personal information or personal data (within the meaning of the applicable data protection laws) when you apply for employment and/or participate in our recruitment processes ("Candidate Personal Data"). This data includes contact, demographic, communications, educational, professional, employment, social media/website, network/device, recruiting system usage/interaction, security and preference information. Rivian may use your Candidate Personal Data for the purposes of (i) tracking interactions with our recruiting system; (ii) carrying out, analyzing and improving our application and recruitment process, including assessing you and your application and conducting employment, background and reference checks; (iii) establishing an employment relationship or entering into an employment contract with you; (iv) complying with our legal, regulatory and corporate governance obligations; (v) recordkeeping; (vi) ensuring network and information security and preventing fraud; and (vii) as otherwise required or permitted by applicable law.

Rivian may share your Candidate Personal Data with (i) internal personnel who have a need to know such information in order to perform their duties, including individuals on our People Team, Finance, Legal, and the team(s) with the position(s) for which you are applying; (ii) Rivian affiliates; and (iii) Rivian's service providers, including providers of background checks, staffing services, and cloud services.

Rivian may transfer or store internationally your Candidate Personal Data, including to or in the United States, Canada, the United Kingdom, and the European Union and in the cloud, and this data may be subject to the laws and accessible to the courts, law enforcement and national security authorities of such jurisdictions.

Please note that we are currently not accepting applications from third party application services.