Cyber Human Risk Specialist in London

Division: Operations

Department: Cyber and Information Resilience

Salary: National (Edinburgh and Leeds) ranging from £43,300- £60,000 and London from £46,400 - £63,000 (salary offered will be based on skills and experience)

This role is graded as: Senior Associate – Corporate

About the FCA and team

We regulate financial services firms in the UK, to keep financial markets fair, thriving and effective. By joining us, you’ll play a key part in protecting consumers, driving economic growth, and shaping the future of UK finance services.

The Cyber and Operational Resilience directorate is responsible for enabling secure and resilient regulation within the FCA and PSR – an organisation responsible for protecting all UK consumers and financial markets. Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. The role of cyber security is to protect the FCA's data and systems from malicious and/or accidental activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions.

C&IR is part of a Directorate lead by our CISO, Director of Cyber & Operational Resilience Division. This senior associate sits in the People Risk team and is part of the wider Governance and Human Risk team within that directorate. This role will play a key part in shaping our organisation’s approach to identifying and mitigating risks posed by human behaviour, while maintaining our team’s ethos of being friendly and approachable to foster positive relationships across the organisation.

This role is responsible for designing and delivering an innovative programme that empowers employees to make informed security decisions, champion best practices, and design pathways to explain and inform on emerging cyber risks. The role will develop and implement strategies to influence positive and negative behaviours, reduce vulnerabilities and build strong relationships with the organisation.

Role responsibilities

• Develop and deliver effective and innovative cyber security behavioural-change initiatives that ensure employees understand and own their role in reducing organisational cyber risk; and have responsibility for the ongoing improvement of the programme.
• Own and deliver a stakeholder engagement and management strategy, aligning internal and external stakeholders with best practice and organisational priorities and manage the team’s relationship with external service providers, including training providers.
• Measure the effectiveness of cyber security risk initiatives using metrics, feedback, and incident data, and continuously analyse human risk factors and refine approaches using insights from our work and from other cyber teams.
• Develop and design a communications and engagement strategy and manage the implementation of that strategy through a series of regular communications and events; including owning and delivering the Cyber Month calendar of events.
• Design and deliver a risk and role‑based training strategy, including tailored training materials, e‑learning and interactive exercises in conjunction with our HR learning team.
• Lead the ethical phishing simulation programme, ensuring realistic scenarios, supportive communications, and a learning‑focused employee experience.
• Manage, grow, and mature the security ambassador network, providing structure, resources, training, and alignment with wider human risk goals.
• Contribute to wider team activities, including inductions, ad‑hoc training, MI reporting, and reactive or proactive security communications.

Skills

• Minimum: Demonstrative experience of designing, delivering and managing effective cyber security behavioural change initiatives.
• Extensive experience in developing and delivering an effective stakeholder management and engagement strategy.
• Extensive experience working at a strategic level, creating or significantly contributing to organisational strategies and long-term plans.
• Essential: Experience in delivering innovative and effective cyber security behavioural change campaigns, translating technical topics for a range of audiences and balancing serious topics with a positive and engaging approach.
• Practical experience designing and delivering effective mandatory and bespoke cyber security training programmes that supported organisational culture change.
• Superb communications skills including written effective influence across diverse audiences.
• Demonstratable experience of organising and delivering an engagement strategy, including the delivery of events in a range of formats.
• Well-developed organisational skills and the capacity to prioritise and complete a range of tasks under strict time constraints.

Benefits

• 25 days annual leave plus bank holidays.
• Non-contributory pension (8–12% depending on age) and life assurance at eight times your salary.
• Private healthcare with Bupa, income protection, and 24/7 Employee Assistance.
• 35 hours of paid volunteering annually.
• Hybrid model where employees work a minimum of 40% in the office each month (expectation of 50% for senior leaders). Changing from September to a minimum of 50% in the office each month (expectation of 60% for Directors and Executive Directors).
• A flexible benefits scheme designed around your lifestyle.

Our values and culture

Our colleagues are the key to our success as a regulator. We are committed to fostering a diverse and inclusive culture: one that’s free from discrimination and bias, celebrates difference, and supports colleagues to deliver at their best. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation.

If you require any adjustments due to a disability or condition, your recruiter is here to help - reach out for tailored support. We welcome diverse working styles and aim to find flexible solutions that suit both the role and individual needs, including options like part-time and job sharing where applicable.

Disability confident: our hiring approach

We’re proud to be a Disability Confident Employer, and therefore, people or individuals with disabilities and long-term conditions who best meet the minimum criteria for a role will go through to the next stage of the recruitment process. In cases of high application volumes we may progress applicants whose experience most closely matches the role’s key requirements.

Useful information and timelines

Timeline: Job advert close: midnight on the 01/06/2026 CV Review/Shortlist: 03/06/2026 Face to Face interview: 10th and 11th of June 2026 Your Recruiter will discuss the process in detail with you during screening for the role, therefore, please make them aware if you are going to be unavailable for any date during this time.