Cyber Security Training and Awareness Lead

This position will report to the Cyber Security Portfolio Manager and will work within the Information Systems directorate based in our London office. The role requires a minimum of 3 days a week in the office and may require travel to other sites and or to external parties. You will be a permanent employee. You will attract a salary of up to £75,000.00 depending on skills, qualifications and experience and a bonus of 7.5%. This role can also offer blended working after probationary period (6 months) - 3 days in the office and 2 remote.

Benefits include:

• 25 Days Annual Leave plus bank holidays.
• Reservist Leave – Additional 18 days full pay and 22 unpaid.
• Personal Pension Plan – Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%).
• Tenancy Loan Deposit Scheme, Season Ticket Loan.
• Tax efficient benefits: Cycle to Work, Home & Tech, and Green Car Leasing Schemes.
• Occupational Health support.
• Switched On – scheme providing discount on hundreds of retailers' products.
• Discounted gym membership.
• Employee Assistance Programme.

Job Purpose: You will develop, deliver, and evaluate cyber security education and awareness programmes for UK Power Networks. Collaborate with the Cyber Security, Information Systems Teams, SMT and EMT and partners to identify the training and awareness needs, design and implement solutions, and measure the impact and outcomes of the programmes. You will also promote a culture of cyber security awareness and best practice to all UK Power Networks employees, customers, and partners of the organisation.

Dimensions: UK Power Networks is a critical national infrastructure company that helps underpin the United Kingdom's electrical distribution network and faces cyber security threats on an ongoing basis. As the threat landscape changes, UK Power Networks must be prepared to protect itself with cyber security at the heart of its DNA. The Cyber Security Training and Awareness Specialist will ensure that as a company we are prepared and educated with cyber security in mind and as part of our culture.

People: Work collaboratively in a team of circa 60 cyber professionals both permanent and temporary cyber security team members, and across the wider IS team. You will be the face and voice of the Think Secure culture and awareness programme, delivering a range of projects to specific teams to improve our culture and awareness of cyber security. You will lead the liaison with SMT and EMT and operational team to improve engagement and awareness through the delivery of events, workshops, training sessions and our cyber champions' network. You will have oversight of the circa 90 cyber champions and manage their outputs, training programme and monitor their progress.

Financial: No direct budget responsibility but works in partnership with finance partners to ensure budget and forecast are up to date.

Suppliers: Regular interaction and management of specialist cyber security training vendors and partners. Ability to lead large facilitated sessions and training sessions ranging from suppliers, operational staff through the SMT and EMT. Establish and maintain strong, collaborative working relationships with internal teams, including IT, HR and Legal, and third-party providers, suppliers, and partners to drive outcomes and create alignment around a course of action. Establish and sustain relationships with SMT and other senior partners to ensure buy-in and support for the cyber awareness and training programmes.

Principal Accountabilities:

• Ensure highest standards of safety are applied across all areas of responsibility.
• Develop the cyber security training and awareness strategy and roadmap that aligns with UK Power Networks goals, visions, and strategic goals.
• Create engaging and interactive cyber security training and awareness content and materials, such as e-learning modules, webinars, workshops, newsletters, posters, videos, games, quizzes, etc.
• Conduct regular assessments and surveys to evaluate the effectiveness and satisfaction of the cyber security training and awareness programmes and provide feedback and recommendations for improvement.
• Report on the progress and performance of the cyber security training and awareness programmes and ensure compliance with the relevant standards.
• Research and stay updated on the latest cyber security trends, threats, and best practices, and incorporate them into the training and awareness programmes.
• Establish and maintain positive relationships with internal and external stakeholders, such as management, IT, HR, legal, vendors, customers, and partners, and solicit their input and support for the cyber security training and awareness programs.
• Participate in cyber security events and projects, such as awareness campaigns, webinars, conferences, etc., and represent UK Power Networks as a cyber security advocate and expert.
• Develop role-based Cyber Security Training for the Cyber Security Team, covering cyber operations, architecture, governance risk and compliance and testing.
• Maintain the cyber security skills matrix to inform the role-based training requirements.

Nature And Scope: The Information Systems Department works across UK Power Networks, supporting the company in the achievement of its strategy and vision to become the best performing DNO. The team achieve this through the provision of technology solutions, as well as the optimisation of current solutions to improve how the company operates. Continuous improvement, customer service and seamless delivery is at the heart of this ethos and are therefore strongly underpinned by effective cyber security.

The role works closely with five disciplines within the Cyber Security Team, Enterprise Architecture, Technical Teams, IT Service Providers, Project, Innovation, and business stakeholders to implement and optimise the security infrastructure, systems, and services. The key measure of success for this role is upholding and enhancing the cyber security posture of UK Power Networks through training and awareness across the business.

Qualifications:

• Experience developing and delivering cyber security training and awareness programmes, preferably in a large organisation.
• The ability to apply the principles and methods of instructional design and development to create engaging cyber security learning materials, such as courses, modules, videos, games, simulations, quizzes, etc.
• The ability to deliver and facilitate cyber security training and awareness sessions using different modes and platforms and to adapt to the needs and preferences of different learners and groups.
• The ability to communicate and present technical cyber security information in a concise, and compelling way, using appropriate language and visuals, and tailor the message to the audience and the context.
• The ability to identify, engage, and collaborate with various stakeholders, such as management, EMT, SMT, IT, HR, legal, compliance to align the cyber security training and awareness objectives with the organizational goals and policies, and to obtain their support and feedback.
• The ability to evaluate the effectiveness and impact of the cyber security training and awareness programs and to use the results to improve the design, development, and delivery of the programs.

Certifications: A bachelor's degree in cyber security, information technology, education, communication, or related field, or equivalent work experience. Cyber Security Frameworks: Working knowledge of Cyber Essentials, ISO27001:2022, CSA Cloud Controls Matrix, NCSC CAF and GDPR, is important to ensure that data is being managed in a compliant manner.

Health & Safety Responsibilities: Managers and supervisors carry both legal and company responsibilities for ensuring the health and safety of their employees, those under their control and those who might be affected by the work undertaken, i.e. public, visitors and employees of other organisations. This includes briefing individuals working for them and ensuring there is the necessary understanding, competence and application of requirements to work safely and without harming the environment. Employees will ensure they understand the health and safety risks involved in their work activities and their responsibility to apply the controls needed to manage those risks to acceptable levels. Similarly where work activities can have an adverse impact upon the environment, and where there are legal requirements, employees will understand those impacts and the controls they must ensure are applied.

Equal Employment Opportunity: We are committed to equal employment opportunity regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.

Safeguarding: We are committed to safeguarding and promoting the welfare of children and young people. Where applicable, this role is subject to safer recruitment processes and robust pre-employment checks.