Report this ad

Head of Awareness & Education
Day rate contract- 6 months - perm
Canary Wharf/Remote working
Team
This role is in the KPMG UK Information Security function, reporting directly to the CISO (Chief Information Security Officer) for KPMG UK LLP. The Head of Awareness and Education leads an organization wide communications and training effort to manage KPMG UK human risk in cooperation with other parts of the organisation (eg Internal and External Communication teams, business and technology leaders). The team accomplishes this by identifying top human risks related to information security and compliance and the changes in behaviours needed to manage those risks. The team will be made of 3 permanent team members, including this role; but will also oversee a number of awareness and learning content providers while also working closely with UK Learning, Security Liaison and Internal Communications.
Role:
The role has two distinct phases covering the initial setup followed by the long-term leadership of the function:
1) Overseeing and project managing the establishment of a security awareness and education function including the definition of strategy, creation of the first tranche of awareness campaigns with associated training material, the identification of suitable KPI's to track progress and the recruitment of the staff members into a cohesive team.
2) Transitioning from the project phase into the operational phase, leading and being accountable for the end to end provision of Information Security awareness & education across the UK Firm. The awareness and education team will help to defend KPMG and its clients by ensuring KPMG personnel are aware of how they need to manage information to identify and reduce risks related to information security. The role is to move from an environment of compliance to a security culture by influencing behaviour.
Duties:
* Develop the strategy for the Information Security Culture department and for the services delivered by the team. One key objective is to educate and influence a wide range of stakeholder groups and to formulate a roadmap to deliver this within the agreed budget, updating it regularly to reflect the changing environment
* Work collaboratively with aligned groups such as UK learning, Internal and external Communications, Security Liaison, Data Privacy and Protection, Building and Facilities Security, to provide a consistent and reliable service & approach;
* Actively build and manage relationships with key stakeholders and ensure customer satisfaction, by understanding the business context and priorities, monitoring quality and impact, and reviewing and evolving the approach as necessary;
* Create and manage the plan to draw on subject matter experts in the Information Security team to contribute and review specialist content
* Take accountability for the Information Security Culture service and oversee the delivery and quality of the service by your team, other KPMG teams and third parties;
* Design, create and communicate material to meet the needs of Information Security, ensuring mandatory, specialised and senior management training is undertaken to ensure meet regulatory and client requirements
* Review identified security risks and gaps in information security controls and the required security education to address these risks and gaps
* Develop the security training and awareness campaigns and content (seminars, town halls, cyber security events, e-Learning, tooling eg phishing buttons, communication materials, etc) required to execute the security awareness campaigns.
* Plan, prepare and execute the security education and awareness campaigns
* Measure the effectiveness of the security awareness campaigns and changes of behaviours as a result of the campaigns
* Lead and manage a team of high performing professionals in delivering the service;
* Provide opportunities and training to develop the skills needed to meet the future needs of the service;
* Be accountable for ensuring collateral is easily accessible, relevant, available and up to date across several channels
* Take accountability for maintaining and publishing the content for the Security Awareness Zone (portal)
* Provide internal support to the Information Security team and support them in developing training and communication activities related to their operational/project areas
Essential experience:
* Excellent and relevant experience in a similar leadership role;
* Strong track record in delivering complex learning and communication campaigns
* Strong expertise in Communication and Instructional Design, preferably applied in the past for a Technology or Information Security domain
* Demonstrated ability to engage with senior business stakeholders
* Be able to demonstrate the ability to adapt communication style to explain technical concepts to different people within an organisation whether advising stakeholders, directing teams or sharing experience;
* Experience in translating security requirements into impacts for end users and the ability weave a narrative around this
* Experience of providing blended learning to develop cultural changes including webinars, interactive online training, 1:1 instruction with senior figures etc
* Experience in defining clear learning, education and awareness strategy, to turn a strategy into an engaging multi-year programme, and to measure the benefits delivered by such a programme
* Experience In developing active communities that share knowledge and experience around a domain
* Experience in managing third party providers
Advantageous:
* Experience with creating measurable learning experiences;
* Experience in creating and running social engineering simulation campaigns
* Experience in running marketing campaigns and developing a product