Information Security Programme Manager
Newly devolved business building a greenfield security function
An opportunity to shape policies, processes, tooling, etc. in a global organisation
About Our Client
Our client, a Global Asset Management business, is building an in-house IT Security Operations function after exiting a managed service agreement based in Edinburgh. As part of this, we are looking for a Security Professional to take on the role of Programme Manager and champion a culture of security throughout the Global organisation.
- Develop, deploy and manage the implementation of the global Information Security Culture and Awareness Programme, working in collaboration with regional information security managers to identify and satisfy risk-based regional cultural growth needs.
- Ensure that the Information Security Culture and Awareness Programme includes innovative and engaging methods of engagement through the creation and management of security e-learning, a phishing education programme, a security ambassador network (security champions/advocates), a SharePoint site, Confluence / Intranet pages, engagement campaigns, general awareness material and training for high-risk groups.
- Ensure that the Information Security Culture and Awareness Programme is structured and maintained as a long-term cultural and behavioural change programme aligned with the delivery of the global CISO's Information Security Strategy, creating an environment where there is a culture of security by default.
- Co-ordinate, manage and oversee the regional implementation of the global Information Security Culture and Awareness Programme. (Regional implementation will be led by, and be the responsibility of, regional Information Security Managers.)
- Ensure that the programme engages employees and contractors by using interactive and innovative learning experiences.
- Monitor and identify the top 'people' risks, identify the behavioural change requirements to mitigate those risks and integrate them into the Information Security Culture and Awareness Programme.
- Develop and establish a metrics programme to demonstrate training and awareness effectiveness. This will include surveys, feedback, participant tracking, dashboards, executive summaries and presentations.
- Manage the Information Security Culture and Awareness Programme mailbox, ensuring that all queries from staff relating to Information Security Culture and Awareness Programme matters are responded to.
- Manage relationships with all security awareness and training vendors as required.
- Work with internal communications, regional security leads, HR, IT and other stakeholders to ensure that all internal Information Security Culture and Awareness initiatives reflect the corporate brand and align with strategic priorities and people experience.
The Successful Applicant
- Exceptional knowledge and experience across cyber security, information security and operational risk, with technical awareness in this area (although this is not a hands-on role)
- Has previously built an information security culture, with awareness and behaviour change leadership experience
- Strong ability to work independently as well as in a team environment; to work under pressure, prioritise delivery, meet targets and manage escalations where appropriate.
- Exceptional communication (verbal and written), inter-personal and negotiation skills through all levels of the organisation.
- Demonstrable experience and competence in clearly explaining complex information security concepts and technologies for both technical and non-technical audiences
- Experience of working with external service providers
What's on Offer
The opportunity to join a new, lean and growing function within a business that is establishing its own security operations function. With this will come an opportunity to play a key role with the team in shaping the future of this function.
As well as a great opportunity, a competitive salary and benefits package is on offer.