Policy & Awareness Specialist -Internal Security Communications

We are immediately recruiting for a Policy and Awareness Specialist on a contract basis, for a leading telecom company based in Berkshire.

The purpose of the role is to ensure that security controls are set in place through policies and standards and that there is an awareness programme which works in conjunction with these controls to protect Customers, People, Information, Data, Assets and company brand to meet legal, regulatory and contractual requirements.

The focus of the role will be as follows:

-Working on security policies - reviewing, re-writing, compiling & publishing

-Awareness & Communications - working on raising awareness - via security awareness campaigns.

Role Summary

• Developing and maintaining all security policies, standards and awareness measures and activities.
• Drive our Security Awareness programme that promotes and drives a cultural change throughout the business.
• To support the Information Security Manager in delivering a consistent, best in class security service to our people, customers, 3rd parties and partners.
• Design and implement centralised processes for the identification, development, stakeholder review, approval, publication and maintenance of our security related policies and standards.
• Work cross functionally with all business functions to develop a set of security standards, procedures and guidelines that are relevant to the business and aligned to industry best practice and legal & regulatory requirements.
• Manage the development of the information security policies, standards and awareness function by ensuring alignment with Security.
• Help deliver a tailored security awareness and training programme and roadmap which supports joiners, in situ, movers and leavers.
• Identify and create the information security awareness tools and processes that can demonstrate and measure employee, 3rd Party and Partner adherence to all security policies.
• Develop appropriate metrics and statistics; and provide timely reports on the performance of security policy and awareness activities.
• Ensure that business leaders understand their role in relation to our security policies and are aware of our security strategy.
• Continue and build the relationships with the relevant internal and external stakeholders to develop and maintain our security policy framework and awareness programme.
• Develop and maintain our Security Awareness programme and intranet site, providing access for all employees to our security materials, messages and self-help tools.
• Responsible for all security communications, internally and externally, working in conjunction with the Head of Risk & Security and our Internal Communications department.
• Responsible for driving and leading the Group Security Awareness Forum to share policies and practices.
• Reviewing security awareness and information for our customers.

Technical Requirements

• Basic understanding and knowledge of security standards - including and not limited - ISO27001/ISeC, Cobit, ISF, CESG, PCI-DSS, ND1643.
• Utilising different methods and media to communicate, educate and assess messaging and requirements across varied and large audiences.
• Strong communication skills; articulate, explaining technical issues simply both verbally and in writing.
• Support all security and data protection functions in the delivery of key messages across the business and relevant 3rd parties and partners.
• Ability to multi task and work on projects concurrently and under tight deadlines.
• Detail oriented and customer focused with excellent time management skills.
• Experience of working on polices and awareness programmes or other campaigns.
• Interested in gaining Security certification such as CISSP, CISM.

Must Have

• Fun and Engaging personality.
• Proven experience of managing and driving comms and awareness programme.
• Proven Experience of proactively managing and driving business change through stakeholder engagement and management.
• Proven Experience of people management / team lead in any capacity (be it virtual).
• Demonstrative experience dealing with a broad range of people including senior business leaders, tech experts and front line staff.

Nice to have

• Experience of working on polices and awareness programmes or other campaigns.
• Interested in gaining Security certification such as CISSP, CISM.

If you are interested in this nice opportunity and feel your profile is a good match then please submit your application online or email direct to loic.menusier@projectpeople.com

Project People is acting as an Employment Business in relation to this vacancy.