Role Overview
The Governance & Awareness Lead drives enterprise-wide cybersecurity awareness and governance reporting to reduce human cyber risk. The role designs and delivers a risk-based security awareness programme, measures and improves employee behaviour, and provides governance oversight to ensure GISO documentation and management reporting are accurate, consistent, and decision-ready.
Key Job Accountabilities:
- Identify top human cyber risks and define required behaviour changes to mitigate those risks
- Design, implement, and continuously improve a risk-based cybersecurity awareness program, incorporating employee feedback
- Plan and execute simulated phishing campaigns and targeted awareness initiatives to drive measurable and sustained employee behaviour change
- Develop and manage a metrics framework to track compliance, employee behaviour, and program effectiveness
- Produce high-quality management reporting using a single source of truth to support risk ownership and decision-making
- Create clear, engaging security communications, training materials, and internal awareness content
- Partner with the Corporate Communications function to deliver regular, targeted messaging that reinforces a strong security-aware culture
- Coordinate governance oversight of GISO policies, standards, and guidelines, working with subject-matter experts to ensure timely reviews and updates
- Manage GISO intranet content to ensure information is accurate, current, and easily accessible
- Liaise with internal and external auditors on cybersecurity-related matters as required
- Support the Risk & Assurance function on cyber risk activities (e.g. CMMC, Control Self-Assessments) as required
- Monitor emerging threats and trends to ensure awareness content remains relevant and timely
Reporting Line:
This position reports to the Group Chief Information Security Officer (GCISO)
Required Experience and Qualifications:
- Degree in Communications, Marketing, Psychology, or a related discipline (or equivalent experience)
- Minimum 3 years' experience in security awareness, communications, marketing, or related roles
- Demonstrated ability to translate complex technical concepts into clear, practical guidance for diverse audiences
- Strong stakeholder management and influencing skills across business units and enabling functions
- Experience working with HR, Risk, Audit, and business stakeholders
- Hands-on experience with Microsoft M365 and Power BI
- Experience with Learning Management Systems (LMS), content authoring, and training delivery platforms
- Solid project management skills, including planning, execution, and outcome measurement
- Strong judgment, prioritisation, and attention to detail