Assistant Manager, Governance & Cybersecurity Awareness (2 Years Contract)
ST Engineering
Job Description
Role Overview
The Governance & Awareness Lead drives enterprise-wide cybersecurity awareness and governance reporting to reduce human cyber risk. The role designs and delivers a risk‑based security awareness programme, measures and improves employee behaviour, and provides governance oversight to ensure GISO documentation and management reporting are accurate, consistent, and decision‑ready.
Key Job Accountabilities:
· Identify top human cyber risks and define required behaviour changes to mitigate those risks
· Design, implement, and continuously improve a risk-based cybersecurity awareness program, incorporating employee feedback
· Plan and execute simulated phishing campaigns and targeted awareness initiatives to drive measurable and sustained employee behaviour change
· Develop and manage a metrics framework to track compliance, employee behaviour, and program effectiveness
· Produce high‑quality management reporting using a single source of truth to support risk ownership and decision‑making
· Create clear, engaging security communications, training materials, and internal awareness content
· Partner with Corporate Communications function to deliver regular, targeted messaging that reinforces a strong security‑aware culture
· Coordinate governance oversight of GISO policies, standards, and guidelines, working with subject‑matter experts to ensure timely reviews and updates
· Manage GISO intranet content to ensure information is accurate, current, and easily accessible
· Liaise with internal and external auditors on cybersecurity-related matters as required
· Support Risk & Assurance function on cyber risk activities (e.g. CMMC, Control Self-Assessments) as required
· Monitor emerging threats and trends to ensure awareness content remains relevant and timely
Reporting Line:
· This position reports to the Group Chief Information Security Officer (GCISO)
Required Experience and Qualifications:
· Degree in Communications, Marketing, Psychology, or a related discipline (or equivalent experience)
· Minimum 3 years’ experience in security awareness, communications, marketing, or related roles
· Demonstrated ability to translate complex technical concepts into clear, practical guidance for diverse audiences
· Strong stakeholder management and influencing skills across business units and enabling functions
· Experience working with HR, Risk, Audit, and business stakeholders
· Hands-on experience with Microsoft M365 and Power BI
· Experience with Learning Management Systems (LMS), content authoring, and training delivery platforms
· Solid project management skills, including planning, execution, and outcome measurement
· Strong judgment, prioritisation, and attention to detail