Information security is recognized as a management issue. Sarbanes-Oxley specifies that management is ultimately responsible for the security, accuracy, and privacy of information relating to corporate financial records and by ricochet the protection of Personally Identifiable Information (PII). Many organizations have established information security program. One of the key components of an information security program is to build security awareness as humans are considered as the weakest link of the security chain. In order for security awareness programs to add value to an organization and stay effective against the threat against human hacking, it is important to measure and continuously improve its effectiveness. This paper uses design science research approach to propose a prototype for continuous security awareness improvement in financial institutions. The prototype will be contribution in the information security field and will guide decision makers at financial institutions in their choice of security awareness product.