ROLE
Name: TBC
Bank ID: TBC
Business Title: Head, Cyber Targeted Training and Awareness
Grade: Grade 5
Business Unit: Training and Awareness, Trust, Data and Resilience
Job Family: Learning
Location: UK / Poland
Year: 2020
RESPONSIBILITIES
The Trust, Data & Resilience organisation adopts a fast-paced, high-performing and accountable culture that focuses on fostering a robust security culture across the Bank.
As part of our mandate to grow trust with clients and regulators, we deliver end-to-end awareness programmes and learning journeys that position the Bank as an industry leader in managing the human aspect of security risk.
The Training and Awareness team is responsible for fostering the Bank's security culture. It drives the design, development, deployment and enablement of delivery via awareness communities of practice across the globe based on employee roles and risk types.
It does this through immersive and thought-provoking training and awareness initiatives that drive down the human aspect of information and cyber security (ICS) risk.
The team's remit spans general employee awareness, role-based training, phishing awareness, communications, assessing behaviour change and awareness risk reporting and policy / regulatory alignment.
Main purpose of role
This is a new role created in response to the maturing Information and Cyber Security (ICS) training and awareness requirements of the Bank.
The Head will lead on designing Bank-wide and targeted campaigns and content that address specific audiences, high risk users and emerging threats.
In particular, they will be responsible for spearheading an end-to-end phishing programme that drives a world-class culture of secure behaviour.
This includes implementing phishing campaigns targeted at high risk audiences, using data to review before / after status and adjusting campaigns accordingly to ensure risk buy down and ensuring correct metrics reporting.
The lead will have cross team responsibility to ensure all awareness campaigns are linked to the appropriate regulations, standards, policies and risks.
They will build the required reporting models to ensure an industry best practice and consistent view of Awareness risk appetite metrics, and ensure programme effectiveness and implementation metrics are provided to the right forums.
They will also lead a start-up initiative around Responsible AI training and awareness.
This role requires someone who has proven expertise in creating engaging, gamified and innovative content, has cyber risk management and security awareness in their DNA, and has extensive experience in designing threat-based awareness programmes, in line with industry frameworks, that directly drive down the human aspect of ICS risk.
Preference will be given to an industry leader who can engage with audiences at all levels, from Board members, People Managers and developers to 2nd Line Assurance, Ops Risk and Governance stakeholders.
Being based in Europe, they will also be expected to help the broader Awareness team on Europe, Americas and Africa, Middle East awareness engagements and on the ground activities / planning with senior stakeholders.
Cyber Targeted Awareness Campaigns and Learning Journeys
Drive the Bank's security culture through the design and delivery of innovative, gamified and impactful cyber awareness content for high risk audiences and roles
Design awareness frameworks and Bank-wide campaigns for high risk audiences in line with the latest Policies and Standards, industry frameworks, risks, threats, and business requirements
Develop targeted awareness campaigns and content for specific high-risk audiences e.g. People managers, Contact Centre staff, Board members, repeat clickers - as defined in the end to end awareness process
Design sophisticated phishing awareness campaigns and testing for all employees and targeted high-risk users
Ensure pipeline of regular new content for the Bank's gamified employee engagement platform for targeted audiences
Work with General Awareness team to help design and adopt innovative methods and technologies to help employees be cyber safe at work and at home
Align campaigns with the NIST Framework. Create a structured top down, end to end awareness programme that addresses all human aspects of the NIST categories and sub categories
Understand the importance of a closed loop awareness process : inputs, campaign design, outputs, metrics and feedback. Regularly track, monitor and report the effectiveness of all targeted awareness programmes and controls with 1st Line and 2nd Line stakeholders and Awareness Head of Operations and Reporting
Build strategic partnerships with agencies, where needed, to design innovative content
Collaborate with members of the training and awareness team, and business risk owners to understand awareness requirements
Collaborate with other Training and Awareness leads (Data and Privacy, Automation, Third Party, Resilience) and awareness communities of practice to share best practices and collaborate on joint initiatives.
Build regional / local communities of practices
Ensure all targeted awareness campaigns and initiatives are aligned with Group Corporate Affairs, support the Bank's strategic priorities and embed its brand values
Collaborate across various functions e.g. Compliance, Conduct, Fraud & Privacy to deliver security message where relevant
Liaise with governance teams to provide information with relevant evidence for regulators and auditors as required
Collaborate with Europe / Americas country and Regional Heads of ICS, Awareness leads and business stakeholders as needed on campaign design, business planning and delivery / facilitation of on the ground training and awareness sessions on behalf of the Training and Awareness team
Pivotal in elevating maturity of the awareness team, not just in targeted awareness
Drive efficiencies and effectiveness across the team
Be an enabler to journeys
Grow trust with clients and regulators
Develop and inspire a small team with big ambitions
Regulatory & Business Conduct
Display exemplary conduct and live by the Group's Values and Code of Conduct.
Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank.
This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
ICS Training and Awareness teams (1L and 2L)
Heads of ICS Business, Functions and geographies
Information and Security Risk Officers (country, region, group, business and functions 2L)
ICS Regional Awareness Leads, security champions and communities of practice
Threat Intelligence Team
Cyber Security Services team
Policy, Risk & Governance Team (2L)
Risk and Control
Cyber Resilience team
Corporate Affairs and Brand & Marketing Team (country, region, group, business and functions)
Compliance, Conduct and Fraud Awareness Teams
Extended CISO / COO Teams : Resilience, Third party risk, Automation, Data & Privacy
Group Learning and HR
MT (country, region, group, business and functions)
COMPETENCIES
Leadership Competencies (Leadership Level)
Spot Opportunities: Line Manager
Solve Problems: Line Manager
Take the Lead: Thought Leader
Build Resilience: Line Manager
Collaborate: Thought Leader
Communicate: Thought Leader
Deliver Sustainably: Line Manager
Achieve Results: Line Manager
Technical Competencies (Target Proficiency Level)
Manage Conduct: Advanced
Manage Risk: Advanced
Manage People: Advanced
Insert essential technical competencies from the Competency Framework
1. Information Technology Security Policies - Working Experience
2. Cyber Security Risk Management - Working Experience
3. Data Privacy - Basic Understanding
4. Training Solution Development - Subject Matter Depth and Breadth
5. Effective Communications - Subject Matter Depth and Breadth
6. Communicating Complex Concepts - Extensive Experience
7. Written Communications - Extensive Experience
8. Storytelling - Extensive Experience
QUALIFICATIONS : Training, licenses, memberships and certifications
Someone who is passionate about behaviour, culture and the human aspect of cyber security risk
Proven experience of driving down Phishing CTR through company-wide Phishing campaigns and a track record of creating and delivering innovative, impactful global ICS campaigns based on threats and risks
Information Security expertise, in particular, security awareness and preferably cyber policy / cyber risk management
5 years' experience in internal / external communications, marketing, cross-cultural communications, training / development, branding and / or corporate writing, in a corporate and / or creative agency environment.
Multinational experience is a plus, especially Banking sector
A Degree in Communications, Mass Communications, Marketing Communications or related field preferred but not essential.
Extended years of advanced marketing / training / awareness experience may be considered in lieu. A background in cyber risk management with a move to cyber awareness with a minimum of 3 years awareness experience will also be considered in lieu.
Comfortable with technical jargon and proven ability to translate complex policies and technical requirements into plain English and clear calls to action for non-technical people
Impeccable communications skills, advanced business writing / publishing skills essential. Use of social media / digital platforms an advantage.
Preferably in the technology space
Preferred : good level of understanding of information and cyber security risk, cyber security policies / standards, cyber culture, cyber risk reporting, risk frameworks such as NIST and how they relate to security awareness
Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
Leads and influences long-term business strategy, translates strategic direction into plans with a long-term view
Ability to both assess strategic priorities and to focus on detailed aspects of a function. Strong integrity, independence and resilience.
Ability to foster positive relationships with internal and external stakeholders at appropriate level
Ability to manage and prioritise multiple assignments with a proactive mindset
Exceptional oral, written and presentation skills
Do the right thing: Be brave, be the change; Think client; Live with integrity
Never Settle: Continuously improve and innovate; Simplify; Learn from your successes and failures
Better together: See more in others; How can I help?; Build for the long term