Description
Culture and Awareness
- Assisting the Culture and Awareness Assistant Manager with the centrally managed information security culture, awareness & training programmes, and initiatives to drive behavioural change across the organisation. Audiences cover general users (ie all staff), contractors and also specific high-risk groups across the firm, including those with privileged access.
- Assisting with monitoring and evaluating the effectiveness of these programmes to determine the extent of behaviour change, and to support decision making and investment.
- Assisting with developing and delivering a suite of information security training for all staff, including different target groups (eg new joiners and those with privileged access).
- Assisting with the ethical phishing programme, and the analysis of results to identify areas of risk that need remedial action.
- Assisting with ad hoc communications related to Information Assurance activities and concerns.
- Assisting with the presentation of the content and guidance in the Information Assurance Team's Intranet portal.
- Supporting and advising Security Liaison business area leads with their awareness initiatives, to ensure a consistent and "best practice" approach.
- Supporting the awareness aspects of client assurance and of 2LOD and 3LOD audit activity (including the awareness aspects of ISO 27001 certification).
- Supporting the firm's mission to build client trust and confidence with regard to information security.
- Staying abreast of industry best practice in relation to information security culture and awareness.
Reporting
- Assisting with the provision of meaningful and actionable management information, including Key Risk Indicators and Key Performance Indicators, for policies owned by the Head of Information Assurance.
Awareness and collaboration
- Establish strong relationships with first line of defence stakeholders, as relevant to role.
- Establish strong relationships with other relevant stakeholders.
- Build on and preserve the firm's reputation with clients, with regard to information security.
Technical knowledge and qualifications
- Strong working knowledge of information security standards (eg Cyber Essentials, ISF Standard of Good Practice for Information Security, ISO 27001, NIST Cybersecurity Framework, CIS Top 20 Controls)
- Subject matter expert in information security culture and awareness
- Understanding of privacy requirements (including GDPR)
- Good knowledge of legal and regulatory requirements impacting information security
- Ability to communicate clearly and simply, both verbally and in writing
- CISSP certification and/or CISA desirable
- Other related qualifications (eg ISO Lead Auditor course) desirable