Security Awareness Lead in City of Westminster

To lead and evolve TMHCC International's security awareness and culture programme, embedding a strong human-centric security mindset across the organisation. Reporting to the CISO for International, you will define and deliver a comprehensive awareness strategy that reduces human risk, improves security behaviours, and supports compliance with regulatory and internal security requirements. You will work closely with business, HR, technology, and risk teams to ensure security awareness is engaging, measurable, and aligned to organisational priorities.

Responsibilities

• Define and deliver a global security awareness and culture strategy aligned to TMHCC International's risk profile and business objectives.
• Design and implement targeted awareness campaigns, training programmes, and initiatives to address key human risks (e.g., phishing, social engineering, data protection).
• Lead the phishing simulation programme, including scenario design, execution, reporting, and continuous improvement.
• Develop role-based and risk-based training tailored to different user groups, including senior leadership and high-risk populations.
• Collaborate with HR, Communications, and Learning & Development teams to embed security into onboarding, training, and employee lifecycle processes.
• Establish and maintain a network of security champions to promote security awareness and good practices across the organisation.
• Measure programme effectiveness through metrics, behavioural insights, and reporting, driving continuous improvement.
• Provide regular reporting to the CISO and senior stakeholders on human risk, awareness maturity, and programme impact.
• Ensure alignment with regulatory requirements and internal policies related to security training and awareness.
• Stay current with emerging threats and awareness best practices, incorporating innovative approaches to engagement and behaviour change.

Performance Objectives

• Deliver a measurable and effective security awareness programme that demonstrably reduces human-related security risk across TMHCC International.
• Improve employee engagement and security behaviours through targeted, role-based training and awareness initiatives.
• Provide clear, data-driven reporting on programme effectiveness, supporting risk visibility and informed decision-making at senior levels.

Qualifications

• Demonstratable experience in security awareness, information security, risk, or related roles, with a focus on human risk or behavioural change.
• Proven experience designing and delivering security awareness programmes in a global or enterprise environment.
• Strong understanding of common cyber threats, including phishing, social engineering, and insider risk.
• Experience running phishing simulation platforms and interpreting results to drive improvements.
• Familiarity with learning management systems (LMS) and awareness platforms (e.g., KnowBe4 or similar).
• Ability to design engaging training and communication materials for diverse audiences.
• Experience defining and tracking metrics to measure awareness effectiveness and behavioural change.
• Strong stakeholder management skills, with the ability to influence across all levels of the organisation.
• Excellent communication and presentation skills, with the ability to convey security concepts in a clear and engaging way.

Desirable

• Experience within financial services or other regulated industries.
• Knowledge of behavioural science or human risk management approaches.
• Relevant certifications (e.g., CISSP, CISM).
• Experience building and managing security champion networks or community-led initiatives.

Benefits

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals.