Culture & Awareness - Assistant Manager

Employer: Resource Solutions
Location: UK
Salary: Competitive
Closing date: 6 May 2021

Sector: Technology & New Media
Contract Type: Permanent

Job Details

Culture and Awareness
  • Assisting the Culture and Awareness Assistant Manager with the centrally managed information security culture, awareness & training programmes, and initiatives to drive behavioural change across the organisation. Audiences cover general users (i.e. all staff), contractors and also specific high-risk groups across the firm, including those with privileged access.
  • Assisting with monitoring and evaluating the effectiveness of these programmes to determine the extent of behaviour change, and to support decision making and investment.
  • Assisting with developing and delivering a suite of information security training for all staff, including different target groups (e.g. new joiners and those with privileged access).
  • Assisting with the ethical phishing programme, and the analysis of results to identify areas of risk that need remedial action.
  • Assisting with ad hoc communications related to Information Assurance activities and concerns.
  • Assisting with the presentation of the content and guidance in the Information Assurance Team's intranet portal.
  • Supporting and advising Security Liaison business area leads with their awareness initiatives, to ensure a consistent and "best practice" approach.
  • Supporting the awareness aspects of client assurance and 2LOD and 3LOD audit activity (includes awareness aspects of ISO 27001 certification).
  • Supporting the firm's mission to build client trust and confidence with regard to information security.
  • Staying abreast of industry best practice in relation to information security culture and awareness.


Reporting
  • Assisting with the provision of meaningful and actionable management information, including Key Risk Indicators and Key Performance Indicators, for policies owned by the Head of Information Assurance.


Awareness and collaboration
  • Establish strong relationships with first line of defence stakeholders, as relevant to role.
  • Establish strong relationships with other relevant stakeholders.
  • Build on and preserve the firm's reputation with clients, with regard to information security.


Technical knowledge and qualifications
  • Strong working knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
  • Subject matter expert in information security culture and awareness
  • Understanding of privacy requirements (including GDPR)
  • Good knowledge of legal and regulatory requirements impacting information security
  • Ability to communicate clearly and simply, both verbally and in writing
  • CISSP certification and/or CISA desirable
  • Other related qualifications (e.g. ISO Lead Auditor course) desirable
