Security Awareness Lead in London

UK Only Please - Sponsorship is Unavailable

Hybrid Working - 3 days on site is Compulsory - London City

Role Summary

The Security Awareness Lead is responsible for developing, delivering, and continuously improving a global security awareness and behaviour change programme across a multinational organisation of 2,000+ users. This role ensures employees, contractors, and partners understand their security responsibilities, make secure decisions, and actively contribute to a strong security culture. The ideal candidate is a creative communicator, strategic thinker, and experienced security professional capable of driving organisation-wide behavioural change.

Key Responsibilities

• Security Awareness Strategy
  • Develop and own the global security awareness and human risk management strategy.
  • Align awareness initiatives with organisational risk, regulatory requirements, and the broader cybersecurity roadmap.
  • Establish a measurable, outcomes-driven approach focused on reducing human-related cyber risks.
• Awareness Programme Delivery
  • Design and deliver engaging security campaigns, training materials, microlearning modules, phishing simulations, and behavioural nudges.
  • Build a compelling internal 'security culture brand' to drive engagement and recognition.
  • Launch role-based training for high-risk groups (e.g., executives, finance, developers, privileged access users).
• Behaviour & Human Risk Management
  • Conduct human risk assessments and behavioural baselining across regions and business units.
  • Develop KPIs and metrics to track behavioural change, susceptibility, and programme effectiveness.
  • Use data insights from phishing, security incidents, and SOC analytics to drive targeted interventions.
• Stakeholder Engagement
  • Collaborate closely with HR, Communications, IT, Data Protection, Legal, and Regional Business Leads.
  • Influence senior stakeholders and communicate the business value of a strong security culture.
  • Support policy communication and ensure employees understand security responsibilities.
• Tooling & Technology
  • Manage the security awareness platform (LMS), phishing simulation tools, and behavioural analytics solutions.
  • Evaluate and procure new technologies to enhance the programme (awareness platforms, content providers, risk scoring tools).
  • Integrate awareness workflows into existing processes (onboarding, JML, incident response).
• Global Governance & Compliance
  • Ensure training and reporting align with global regulatory requirements (ISO 27001, NIST, SOC 2, GDPR, industry-specific regulations).
  • Provide evidence and reporting for internal and external audits.
  • Maintain training records and ensure compliance across all regions.
• Security Champions Network
  • Build and manage a global network of security champions to amplify awareness efforts.
  • Deliver toolkits, content, and community sessions to engage champions across multiple business units and countries.

Skills, Experience & Qualifications

Essential

• Proven experience in delivering security awareness, human risk, or behavioural change programmes in medium-to-large organisations (1,000+ users).
• Strong understanding of cybersecurity fundamentals, threat landscape, and common human-related risks.
• Experience designing training, campaigns, and communication for diverse global audiences.
• Knowledge of awareness platforms (e.g., KnowBe4, Proofpoint, Cofense, Hoxhunt, CybSafe, LMS tools).
• Excellent communication, storytelling, and stakeholder-influencing skills.
• Strong data-driven mindset with ability to create metrics dashboards and analyse behavioural trends.

Desirable

• Certifications such as: SANS Security Awareness (SSAP), CISSP, Security+, or equivalent.
• Experience in multinational or complex matrixed environments.
• Experience building security champions/advocacy networks.
• Background in behaviour science, learning & development, psychology, or communications.