Policy & Awareness Specialist

The Security Policy & Awareness Specialist is a pivotal role and is responsible for:

• Developing and maintaining all security policies, standards and awareness measures and activities.
• Drive our Security Awareness For Everyone (SAFE) programme that promotes and drives a cultural change throughout.
• To support the Information Security Manager in delivering a consistent, best in class security service to our people, customers, 3rd parties and partners.
• Design and implement centralised processes for the identification, development, stakeholder review, approval, publication and maintenance of our security related policies and standards
• Work cross functionally with all business functions to develop a set of security standards, procedures and guidelines that are relevant and aligned to industry best practice and legal & regulatory requirements
• Manage the development of the information security policies, standards and awareness function by ensuring alignment with Security.
• Help deliver a tailored security awareness and training programme and road map which supports joiners, in situ, movers and leavers
• Identify and create the information security awareness tools and processes that can demonstrate and measure employee, 3rd Party and Partner adherence to security policies
• Develop appropriate metrics and statistics; and provide timely reports on the performance of security policy and awareness activities
• Ensure that the leaders understand their role in relation to our security policies and are aware of our security strategy
• Continue and build the relationships with the relevant internal and external stakeholders to develop and maintain our security policy framework and awareness programme
• Develop and maintain our Security Awareness For Everyone programme and intranet site, providing access for all employees to our security materials, messages and self-help tools
• Responsible for all security communications, internally and externally, working in conjunction with the Head of Risk & Security and our Internal Communications department
• Responsible for driving and leading the Group Security Awareness Forum to share policies and practices.

Must Have

• Fun and Engaging personality
• Proven experience of managing and driving comms and awareness programme.
• Proven Experience of proactively managing and driving business change through stakeholder engagement and management
• Proven Experience of people management / team lead in any capacity (be it virtual)
• Demonstrative experience dealing with a broad range of people including senior business leaders, tech experts and front line staff

Technical Requirements

• Basic understanding and knowledge of security standards - including and not limited - ISO27001/ISeC, Cobit, ISF, CESG, PCI-DSS, ND1643
• Utilising different methods and media to communicate, educate and assess messaging and requirements across varied and large audiences
• Strong communication skills; articulate, explaining technical issues simply both verbally and in writing
• Support all security and data protection functions in the delivery of key messages across Three and relevant 3rd parties and partners
• Ability to multi task and work on projects concurrently and under tight deadlines
• Detail oriented and customer focused with excellent time management skills

Nice to have

• Experience of working on polices and awareness programmes or other campaigns.
• Interested in gaining Security certification such as CISSP, CISM

Project People is acting as an Employment Business in relation to this vacancy.