Security Awareness Lead in London

UK Only Please - Sponsorship is Unavailable

Hybrid Working - 3 days on site is Compulsory - London City

Role Summary

The Security Awareness Lead is responsible for developing, delivering, and continuously improving a global security awareness and behaviour change programme across a multinational organisation of 2,000+ users. This role ensures employees, contractors, and partners understand their security responsibilities, make secure decisions, and actively contribute to a strong security culture. The ideal candidate is a creative communicator, strategic thinker, and experienced security professional capable of driving organisation-wide behavioural change.

Key Responsibilities

• Security Awareness Strategy: Develop and own the global security awareness and human risk management strategy. Align awareness initiatives with organisational risk, regulatory requirements, and the broader cybersecurity roadmap. Establish a measurable, outcomes-driven approach focused on reducing human-related cyber risks.
• Awareness Programme Delivery: Design and deliver engaging security campaigns, training materials, microlearning modules, phishing simulations, and behavioural nudges. Build a compelling internal "security culture brand" to drive engagement and recognition. Launch role-based training for high-risk groups (e.g., executives, finance, developers, privileged access users).
• Behaviour & Human Risk Management: Conduct human risk assessments and behavioural baselining across regions and business units. Develop KPIs and metrics to track behavioural change, susceptibility, and programme effectiveness. Use data insights from phishing, security incidents, and SOC analytics to drive targeted interventions.
• Stakeholder Engagement: Collaborate closely with HR, Communications, IT, Data Protection, Legal, and Regional Business Leads. Influence senior stakeholders and communicate the business value of a strong security culture. Support policy communication and ensure employees understand security responsibilities.
• Tooling & Technology: Manage the security awareness platform (LMS), phishing simulation tools, and behavioural analytics solutions. Evaluate and procure new technologies to enhance the programme (awareness platforms, content providers, risk scoring tools). Integrate awareness workflows into existing processes (onboarding, JML, incident response).
• Global Governance & Compliance: Ensure training and reporting align with global regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, industry-specific regulations). Provide evidence and reporting for internal and external audits. Maintain training records and ensure compliance across all regions.
• Security Champions Network: Build and manage a global network of security champions to amplify awareness efforts. Deliver toolkits, content, and community sessions to engage champions across multiple business units and countries.

Skills, Experience & Qualifications

Essential: Proven experience in delivering security awareness, human risk, or behavioural change programmes in medium- to large organisations (1,000+ users). Strong understanding of cybersecurity fundamentals, threat landscape, and common human-related risks. Experience designing training, campaigns, and communication for diverse global audiences. Knowledge of awareness platforms (e.g., KnowBe4, Proofpoint, Cofense, Hoxhunt, CybSafe, LMS tools). Excellent communication, storytelling, and stakeholder-influencing skills. Strong data-driven mindset with ability to create metrics dashboards and analyse behavioural trends.

Desirable: Certifications such as: SANS Security Awareness (SSAP), CISSP, Security+, or equivalent. Experience in multinational or complex matrixed environments. Experience building security champions/advocacy networks. Background in behaviour science, learning & development, psychology, or communications.