KPMG
Team
This role is in the KPMG UK Information Security function, reporting to the Head of Awareness & Education for KPMG UK LLP. The Awareness and Education Manager supports the Head of Awareness & Education in creating and running an organisation-wide communications and training effort to manage KPMG UK human InfoSec risk, in cooperation with other parts of the organisation (e.g. Internal and External Communication teams, business and technology leaders). This will be accomplished by identifying the top human risks related to information security and compliance and the changes in behaviour needed to manage those risks.
The Awareness & Education team will be made up of 3-4 permanent team members, including this role. The team will also work with Security Liaison (the more technical business liaison team), a number of awareness and learning content providers, KPMG's "UK Learning" function, and Internal Communications.
Role
The role involves provision of Information Security awareness & education across the UK Firm. The awareness and education team will help to defend KPMG and its clients by ensuring KPMG personnel are aware of how they need to manage information to identify and reduce risks related to information security. The role is to move from an environment of compliance to a security culture by influencing behaviour.
The Awareness and Education Manager will:
- Support development of the strategy for information security awareness & education across the Firm, and for the services delivered by the Information Security team. One key team objective is to educate and influence a wide range of stakeholder groups and to formulate a roadmap to deliver this within the agreed budget, updating it regularly to reflect the changing environment
- Collaborate with aligned groups such as UK Learning, Internal and External Communications, Security Liaison, Data Privacy and Protection, and Building and Facilities Security to provide a consistent and reliable service and approach
- Work with Security Liaison, for given areas of the business, to actively build and manage relationships with stakeholders and ensure customer satisfaction, by understanding the business context and priorities, monitoring quality and impact, and reviewing and evolving the approach as necessary
- Support the design, creation, and communication of material to meet the needs of Information Security, including mandatory, specialised, and senior management training in line with regulatory and client requirements
- Help address identified security risks and gaps through awareness and education actions
- Be involved in developing the security training and awareness content (seminars, town halls, cyber security events, e-learning, tooling such as phishing buttons, communication materials, etc.) required to run the security awareness campaigns
- Be involved in planning, preparation and execution of security education and awareness campaigns – owning some campaigns or specific parts of campaigns
- Measure the effectiveness of the security awareness campaigns and changes of behaviours as a result of the campaigns
- Contribute towards a high-performance culture and towards high quality outputs and outcomes
- Contribute towards training of Information Security professionals and non-specialists (e.g. champions and people operations leaders) to develop the InfoSec skills needed to meet the future needs of the service
- Ensure collateral you develop and for which you are responsible is easily accessible, relevant, available and up to date across several channels
- Contribute to the Security Awareness Zone (portal)
- Provide internal support to the Information Security team and support them in developing training and communication activities related to their operational / project areas
- Perform any other duties which may be reasonably required to ensure the delivery of the services provided by the Education & Awareness team.
Prior experience
You must have:
- Excellent and relevant experience in security awareness and training
- Demonstrable track record in managing/running security awareness campaigns
- Knowledge of and experience with Internal Communication functions
- Good relationship building skills for a wide range of stakeholder types
- The ability to adapt communication style to explain technical concepts to different people within an organisation whether advising stakeholders, directing teams or sharing experience
- Experience in translating security requirements into impacts for end users and the ability to weave a narrative around this
- Experience of providing blended learning to develop cultural change, including webinars, interactive online training, 1:1 instruction, etc.
- Experience in developing active communities that share knowledge and experience around a domain
It would be advantageous if you can demonstrate some or all of the following:
- Experience with managing third parties to deliver elements of your service
- Experience with creating measurable learning experiences
- Experience in creating and/or running social engineering simulation campaigns
- Experience of Instructional Design, preferably applied to a Technology or Information Security domain