Head, Cyber Targeted Training and Awareness
eTeam Hong Kong
Singapore, SG
3h ago

ROLE

  • Name : TBC
  • Bank ID : TBC
  • Business Title : Head, Cyber Targeted Training and Awareness
  • Grade : Grade 5
  • Business Unit : Training and Awareness, Trust, Data and Resilience
  • Job Family : Learning
  • Location : UK / Poland
  • Year : 2020

RESPONSIBILITIES

Background :

The Trust, Data & Resilience organisation adopts a fast-paced, high-performing and accountable culture that focuses on fostering a robust security culture across the Bank.

As part of our mandate to grow trust with clients and regulators, we deliver end-to-end awareness programmes and learning journeys that position the Bank as an industry leader in managing the human aspect of security risk.

The Training and Awareness team is responsible for fostering the Bank's security culture. It drives the design, development, deployment and enablement of delivery via awareness communities of practice across the globe based on employee roles and risk types.

It does this through immersive and thought-provoking training and awareness initiatives that drive down the human aspect of information and cyber security (ICS) risk.

The team's remit spans general employee awareness, role-based training, phishing awareness, communications, assessing behaviour change and awareness risk reporting and policy / regulatory alignment.

Main purpose of role

This is a new role created in response to the maturing Information and Cyber Security (ICS) training and awareness requirements of the Bank.

The Head will lead on designing Bank-wide and targeted campaigns and content that address specific audiences, high risk users and emerging threats.

In particular, they will be responsible for spearheading an end-to-end Phishing programme that drives a world-class culture of secure behaviour.

This includes implementing phishing campaigns targeted at high risk audiences, using data to review before / after status and adjusting campaigns accordingly to ensure risk buy down and ensuring correct metrics reporting.

The lead will have cross team responsibility to ensure all awareness campaigns are linked to the appropriate regulations, standards, policies and risks.

They will build the required reporting models to ensure an industry best practice and consistent view of Awareness risk appetite metrics, and ensure programme effectiveness and implementation metrics are provided to the right forums.

They will also lead a start-up initiative around Responsible AI training and awareness.

This role requires someone who has proven expertise in creating engaging, gamified and innovative content, has cyber risk management and security awareness in their DNA, and has extensive experience in designing threat-based awareness programmes, in line with industry frameworks, that directly drive down the human aspect of ICS risk.

Preference will be given to an industry leader who can engage with audiences at all levels, from Board members, People Managers and developers to 2nd Line Assurance, Ops Risk and Governance stakeholders.

Being based in Europe, they will also be expected to help the broader Awareness team on Europe, Americas and Africa, Middle East awareness engagements and on the ground activities / planning with senior stakeholders.

Cyber Targeted Awareness Campaigns and Learning Journeys

  • Drive the Bank's security culture through the design and delivery of innovative, gamified and impactful cyber awareness content for high risk audiences and roles
  • Design awareness frameworks and Bank-wide campaigns for high risk audiences in line with the latest Policies and Standards, industry frameworks, risks, threats, and business requirements
  • Develop targeted awareness campaigns and content for specific high-risk audiences e.g. People managers, Contact Centre staff, Board members, repeat clickers - as defined in the end to end awareness process
  • Design sophisticated phishing awareness campaigns and testing for all employees and targeted high-risk users
  • Ensure pipeline of regular new content for the Bank's gamified employee engagement platform for targeted audiences
  • Work with General Awareness team to help design and adopt innovative methods and technologies to help employees be cyber safe at work and at home
  • Align campaigns with the NIST Framework. Create a structured top down, end to end awareness programme that addresses all human aspects of the NIST categories and sub categories
  • Understand the importance of a closed loop awareness process : inputs, campaign design, outputs, metrics and feedback. Regularly track, monitor and report the effectiveness of all targeted awareness programmes and controls with 1st Line and 2nd Line stakeholders and Awareness Head of Operations and Reporting
  • Build strategic partnerships with agencies, where needed, to design innovative content
  • Collaborate with members of the training and awareness team, and business risk owners to understand awareness requirements
  • Collaborate with other Training and Awareness leads (Data and Privacy, Automation, Third Party, Resilience) and awareness communities of practice to share best practices and collaborate on joint initiatives.
  • Build regional / local communities of practices

  • Ensure all targeted awareness campaigns and initiatives are aligned with Group Corporate Affairs, support the Bank's strategic priorities and embed its brand values

  • Collaborate across various functions e.g. Compliance, Conduct, Fraud & Privacy to deliver security message where relevant
  • Liaise with governance teams to provide information with relevant evidence for regulators and auditors as required
  • Collaborate with Europe / Americas country and Regional Heads of ICS, Awareness leads and business stakeholders as needed on campaign design, business planning and delivery / facilitation of on the ground training and awareness sessions on behalf of the Training and Awareness team

Leadership

  • Pivotal in elevating maturity of the awareness team, not just in targeted awareness
  • Drive efficiencies and effectiveness across the team
  • Be an enabler to journeys
  • Grow trust with clients and regulators
  • Develop and inspire a small team with big ambitions

Regulatory & Business Conduct

  • Display exemplary conduct and live by the Group's Values and Code of Conduct.
  • Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.

  • Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

  • ICS Training and Awareness teams (1L and 2L)
  • Heads of ICS Business, Functions and geographies
  • Information and Security Risk Officers (country, region, group, business and functions 2L)
  • ICS Regional Awareness Leads, security champions and communities of practice
  • Threat Intelligence Team
  • Cyber Security Services team
  • Policy, Risk & Governance Team (2L)
  • Risk and Control
  • Cyber Resilience team
  • Corporate Affairs and Brand & Marketing Team (country, region, group, business and functions)
  • Compliance, Conduct and Fraud Awareness Teams
  • Extended CISO / COO Teams : Resilience, Third party risk, Automation, Data & Privacy
  • Group Learning and HR
  • MT (country, region, group, business and functions)
  • Regulatory teams

COMPETENCIES

Leadership Competencies : Leadership Level

  • Spot Opportunities : Line Manager
  • Solve Problems : Line Manager
  • Take the Lead : Thought Leader
  • Build Resilience : Line Manager
  • Collaborate : Thought Leader
  • Communicate : Thought Leader
  • Deliver Sustainably : Line Manager
  • Achieve Results : Line Manager

Technical Competencies : Target Proficiency Level

  • Manage Conduct : Advanced
  • Manage Risk : Advanced
  • Manage People : Advanced

    Insert essential technical competencies from the Competency Framework

    1. Information Technology Security Policies - Working Experience
    2. Cyber Security Risk Management - Working Experience
    3. Data Privacy - Basic Understanding
    4. Training Solution Development - Subject Matter Depth and Breadth
    5. Effective Communications - Subject Matter Depth and Breadth
    6. Communicating Complex Concepts - Extensive Experience
    7. Written Communications - Extensive Experience
    8. Storytelling - Extensive Experience

    QUALIFICATIONS : Training, licenses, memberships and certifications

  • Someone who is passionate about behaviour, culture and the human aspect of cyber security risk
  • Proven experience of driving down Phishing CTR through company-wide Phishing campaigns and a track record of creating and delivering innovative, impactful global ICS campaigns based on threats and risks
  • Information Security expertise, in particular, security awareness and preferably cyber policy / cyber risk management
  • 5 years' experience in internal / external communications, marketing, cross-cultural communications, training / development, branding and / or corporate writing, in a corporate and / or creative agency environment.
  • Multinational experience is a plus, especially Banking sector

  • A Degree in Communications, Mass Communications, Marketing Communications or related field preferred but not essential.
  • Extended years of advanced marketing / training / awareness experience may be considered in lieu. A background in cyber risk management with a move to cyber awareness with a minimum of 3 years awareness experience will also be considered in lieu.

  • Comfortable with technical jargon and proven ability to translate complex policies and technical requirements into plain English and clear call to actions for non-technical people
  • Impeccable communications skills, advanced business writing / publishing skills essential. Use of social media / digital platforms an advantage.
  • Preferably in the technology space

  • Preferred : good level of understanding of information and cyber security risk, cyber security policies / standards, cyber culture, cyber risk reporting, risk frameworks such as NIST and how they relate to security awareness
  • Must be a self-starter who is able to initiate and successfully drive programs and projects to completion with little or no management supervision.
  • Leads and influences long-term business strategy, translates strategic direction into plans with a long-term view
  • Ability to both assess strategic priorities and to focus on detailed aspects of a function. Strong integrity, independence and resilience.
  • Ability to foster positive relationships with internal and external stakeholders at appropriate level
  • Ability to manage and prioritise multiple assignments with a proactive mindset
  • Exceptional oral, written and presentation skills

VALUED BEHAVIOURS

  • Do the right thing : Be brave, be the change; Think client; Live with integrity
  • Never Settle : Continuously improve and innovate; Simplify; Learn from your successes and failures
  • Better together : See more in others; How can I help?; Build for the long term
