The Governance & Awareness Specialist drives enterprise-wide cybersecurity awareness and governance reporting to reduce human cyber risk. The role designs and delivers a risk‑based security awareness programme, measures and improves employee behaviour, and provides governance oversight to ensure GISO documentation and management reporting are accurate, consistent, and decision‑ready.
Key Job Accountabilities:
- Identify top human cyber risks and define required behaviour changes to mitigate those risks
- Design, implement, and continuously improve a risk-based cybersecurity awareness program, incorporating employee feedback
- Plan and execute simulated phishing campaigns and targeted awareness initiatives to drive measurable and sustained employee behaviour change
- Develop and manage a metrics framework to track compliance, employee behaviour, and program effectiveness
- Produce high‑quality management reporting using a single source of truth to support risk ownership and decision‑making
- Create clear, engaging security communications, training materials, and internal awareness content
- Partner with Corporate Communications function to deliver regular, targeted messaging that reinforces a strong security‑aware culture
- Coordinate governance oversight of GISO policies, standards, and guidelines, working with subject‑matter experts to ensure timely reviews and updates
- Manage GISO intranet content to ensure information is accurate, current, and easily accessible
- Liaise with internal and external auditors on cybersecurity-related matters as required
- Support Risk & Assurance function on cyber risk activities (e.g. CMMC, Control Self-Assessments) as required
- Monitor emerging threats and trends to ensure awareness content remains relevant and timely
Reporting Line:
- This position reports to the Group Chief Information Security Officer (GCISO)
Required Experience and Qualifications:
- Degree in Communications, Marketing, Psychology, or a related discipline (or equivalent experience)
- Minimum 3 years experience in security awareness, communications, marketing, or related roles
- Demonstrated ability to translate complex technical concepts into clear, practical guidance for diverse audiences
- Strong stakeholder management and influencing skills across business units and enabling functions
- Experience working with HR, Risk, Audit, and business stakeholders
- Hands-on experience with Microsoft M365 and Power BI
- Experience with Learning Management Systems (LMS), content authoring, and training delivery platforms
- Solid project management skills, including planning, execution, and outcome measurement
- Strong judgment, prioritisation, and attention to detail
- Candidates with no experience but good academic records can be considered
Why Join Us
- Be part of a large multinational group with enterprise-scale cybersecurity exposure.
- Gain hands-on experience across security awareness, governance, and reporting.
- Work in a collaborative environment that supports professional growth and learning.
- Based at the modern ST Engineering Hub in Singapore.
