The Security Policy & Awareness Specialist is a pivotal role and is responsible for:
- Developing and maintaining all security policies, standards and awareness measures and activities.
- Drive our Security Awareness For Everyone (SAFE) programme that promotes and drives a cultural change throughout.
- To support the Information Security Manager in delivering a consistent, best in class security service to our people, customers, 3rd parties and partners.
- Design and implement centralised processes for the identification, development, stakeholder review, approval, publication and maintenance of our security related policies and standards
- Work cross functionally with all business functions to develop a set of security standards, procedures and guidelines that are relevant and aligned to industry best practice and legal & regulatory requirements
- Manage the development of the information security policies, standards and awareness function by ensuring alignment with Security.
- Help deliver a tailored security awareness and training programme and road map which supports joiners, in situ, movers and leavers
- Identify and create the information security awareness tools and processes that can demonstrate and measure employee, 3rd Party and Partner adherence to security policies
- Develop appropriate metrics and statistics; and provide timely reports on the performance of security policy and awareness activities
- Ensure that the leaders understand their role in relation to our security policies and are aware of our security strategy
- Continue and build the relationships with the relevant internal and external stakeholders to develop and maintain our security policy framework and awareness programme
- Develop and maintain our Security Awareness For Everyone programme and intranet site, providing access for all employees to our security materials, messages and self-help tools
- Responsible for all security communications, internally and externally, working in conjunction with the Head of Risk & Security and our Internal Communications department
- Responsible for driving and leading the Group Security Awareness Forum to share policies and practices.
- Fun and Engaging personality
- Proven experience of managing and driving comms and awareness programme.
- Proven Experience of proactively managing and driving business change through stakeholder engagement and management
- Proven Experience of people management / team lead in any capacity (be it virtual)
- Demonstrative experience dealing with a broad range of people including senior business leaders, tech experts and front line staff
- Basic understanding and knowledge of security standards - including and not limited - ISO27001/ISeC, Cobit, ISF, CESG, PCI-DSS, ND1643
- Utilising different methods and media to communicate, educate and assess messaging and requirements across varied and large audiences
- Strong communication skills; articulate, explaining technical issues simply both verbally and in writing
- Support all security and data protection functions in the delivery of key messages across Three and relevant 3rd parties and partners
- Ability to multi task and work on projects concurrently and under tight deadlines
- Detail oriented and customer focused with excellent time management skills
Nice to have
- Experience of working on polices and awareness programmes or other campaigns.
- Interested in gaining Security certification such as CISSP, CISM
Project People is acting as an Employment Business in relation to this vacancy.