Assisting the Culture and Awareness Assistant Manager with the centrally managed information security culture, awareness and training programmes, and with initiatives to drive behavioural change across the organisation. Audiences cover general users (i.e. all staff), contractors, and specific high-risk groups across the firm, including those with privileged access.
Assisting with monitoring and evaluating the effectiveness of these programmes to determine the extent of behaviour change, and to support decision making and investment.
Assisting with developing and delivering a suite of information security training for all staff, including different target groups (e.g. new joiners and those with privileged access).
Assisting with the ethical phishing programme, and with the analysis of its results to identify areas of risk that need remedial action.
Assisting with ad hoc communications related to Information Assurance activities and concerns.
Assisting with the presentation of the content and guidance in the Information Assurance Team's intranet portal.
Supporting and advising Security Liaison business area leads with their awareness initiatives, to ensure a consistent and "best practice" approach.
Supporting the awareness aspects of client assurance and of second and third line of defence (2LOD and 3LOD) audit activity, including the awareness aspects of ISO 27001 certification.
Supporting the firm's mission to build client trust and confidence with regard to information security.
Staying abreast of industry best practice in relation to information security culture and awareness.
Assisting with the provision of meaningful and actionable management information, including Key Risk Indicators and Key Performance Indicators, for policies owned by the Head of Information Assurance.
Awareness and collaboration
Establish strong relationships with first line of defence stakeholders, as relevant to role.
Establish strong relationships with other relevant stakeholders.
Build on and preserve the firm's reputation with clients, with regard to information security.
Technical knowledge and qualifications
Strong working knowledge of information security standards (e.g. Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
Subject matter expert in information security culture and awareness
Understanding of privacy requirements (including GDPR)
Good knowledge of legal and regulatory requirements impacting information security
Ability to communicate clearly and simply, both verbally and in writing
CISSP and/or CISA certification desirable
Other related qualifications (e.g. ISO Lead Auditor course) desirable