Cyber Security Culture and Awareness Lead

We are currently recruiting for a Cyber Security Culture and Awareness lead based in Exeter (Hybrid).

Hours: Full time (37 hours)

Contract duration: Temporary ongoing.

Day rate: PAYE £367.59 per day/ UMB £475.00 per day.

About this role:

• Responsible for the development and delivery of training materials to aid embedding of cyber security awareness across staff as well as suppliers & collaborating organisations.
• Responsible for continuing to drive our cyber security awareness training to further embed a positive culture.
• Engaging with stakeholders across the business to define and communicate key cyber security culture and awareness messages.
• Lead activities to deliver and assure security education awareness programmes.
• Ensuring development of evidenced based metric to measure the success of the cyber security culture & awareness programme.
• Develop a clear roadmap of culture and awareness activities.
• Review and update of guidance documents.
• Promote security-conscious behaviours and good security risk management practices.
• Work closely with IT Security Teams and the Cyber Risk Team to understand and prioritise culture and awareness activities in line with our key cyber risks

Responsibilities & Deliverables:

Protective Security:

• Develop and apply new concepts in protective security, involving the other specialisms, including the Corporate Enablers.
• Develop individuals and contributes to the development of protective security practices.
• Promote protective security as a business enabler throughout the organisation.

Threat Understanding:

• Interpret sources of threat information for the local environment and applies knowledge of the external environment.
• Maintain understanding of local and strategic threat environments, and trends affecting the landscape, and can apply to inform and provide context.
• Use local and strategic threat information in decision-making and planning.
• Communicate tailored threat information to relevant local stakeholders within the organisation.

Risk understanding and mitigation:

• Develop basic cost-effective risk management plans.
• Support risk assessment and mitigation plan development.
• Follows documented principles and guidelines for risk understanding and mitigation.
• Relate risk to corporate governance, organisational strategic direction and planning Legal and regulatory environment and compliance.

Legal and regulatory environment and compliance:

• Explain the principal requirements of major legislation and regulations relevant to security, and the legal and regulatory instruments relevant to the role.
• Review & implement alterations to operating procedures in response to changes in regulations Educates/provides guidance on the implementation of regulations.
• Report residual non-compliance to management in accordance with organisation procedures.

Experience, qualifications, skills & experiences:

• 3+ years within the cyber security profession, having received formal or on the job training and/or qualifications in cyber risk and/or threat awareness.
• It is desirable to have CISSP, CISM or CRISC certification.

For more information on this role please email [email protected] or call 07789557717