Security Awareness Lead in London

Reporting to: International CISO

Direct Reports: N/A

Position Type: Full Time, Permanent

Why Tokio Marine HCC?

Standing still is not an option in the current world of Insurance. TMHCC is one of the world’s leading Specialty Insurers. With deep expertise in our chosen lines of business, our unparalleled track record and a solid balance sheet, TMHCC evaluates and manages risk like no one else in the industry. Looking beyond profit, empowering our people and delivering on our commitments are at the core of our customer values, along with a desire to grow and provide creative and innovative solutions to our clients.

About Operations

Operations sits at the heart of TMHCC, we ensure the smooth running of all business processes — from policy administration and claims handling to data, technology, and delivery. We focus on driving efficiency which enables our teams across the business to deliver exceptional results every day. Our value statement: Ops makes it happen.

Operations is made up of 7 functions, this role sits within: IT. We are the foundation for TMHCC’s success - enabling the business to grow, compete, and innovate through technology, security, and solution design. From shaping strategy to delivering resilient operations, we ensure every capability is aligned to business value. Our inclusive and collaborative culture empowers everyone to explore ideas, solve meaningful challenges, and build fulfilling careers that make a real impact.

Job Purpose:

To lead and evolve TMHCC International’s security awareness and culture programme, embedding a strong human-centric security mindset across the organisation. Reporting to the CISO for International, you will define and deliver a comprehensive awareness strategy that reduces human risk, improves security behaviours, and supports compliance with regulatory and internal security requirements. You will work closely with business, HR, technology, and risk teams to ensure security awareness is engaging, measurable, and aligned to organisational priorities.

Key Responsibilities:

• Define and deliver a global security awareness and culture strategy aligned to TMHCC International’s risk profile and business objectives.
• Design and implement targeted awareness campaigns, training programmes, and initiatives to address key human risks (e.g. phishing, social engineering, data protection).
• Lead the phishing simulation programme, including scenario design, execution, reporting, and continuous improvement.
• Develop role-based and risk-based training tailored to different user groups, including senior leadership and high-risk populations.
• Collaborate with HR, Communications, and Learning & Development teams to embed security into onboarding, training, and employee lifecycle processes.
• Establish and maintain a network of security champions to promote security awareness and good practices across the organisation.
• Measure programme effectiveness through metrics, behavioural insights, and reporting, driving continuous improvement.
• Provide regular reporting to the CISO and senior stakeholders on human risk, awareness maturity, and programme impact.
• Ensure alignment with regulatory requirements and internal policies related to security training and awareness.
• Stay current with emerging threats and awareness best practices, incorporating innovative approaches to engagement and behaviour change.

Performance Objectives:

• Deliver a measurable and effective security awareness programme that demonstrably reduces human-related security risk across TMHCC International.
• Improve employee engagement and security behaviours through targeted, role-based training and awareness initiatives.
• Provide clear, data-driven reporting on programme effectiveness, supporting risk visibility and informed decision-making at senior levels.

Skills and Experience Specification:

Essential:

• Demonstratable experience in security awareness, information security, risk, or related roles, with a focus on human risk or behavioural change.
• Proven experience designing and delivering security awareness programmes in a global or enterprise environment.
• Strong understanding of common cyber threats, including phishing, social engineering, and insider risk.
• Experience running phishing simulation platforms and interpreting results to drive improvements.
• Familiarity with learning management systems (LMS) and awareness platforms (e.g. KnowBe4 or similar).
• Ability to design engaging training and communication materials for diverse audiences.
• Experience defining and tracking metrics to measure awareness effectiveness and behavioural change.
• Strong stakeholder management skills, with the ability to influence across all levels of the organisation.
• Excellent communication and presentation skills, with the ability to convey security concepts in a clear and engaging way.

Desirable:

• Experience within financial services or other regulated industries.
• Knowledge of behavioural science or human risk management approaches.
• Relevant certifications (e.g. CISSP, CISM).
• Experience building and managing security champion networks or community-led initiatives.

What We Offer

The Tokio Marine HCC Group of Companies offers a competitive salary and employee benefit package. We are a successful, dynamic organization experiencing rapid growth and are seeking energetic and confident individuals to join our team of professionals. The Tokio Marine HCC Group of companies is an equal opportunity employer.