Key Responsibilities:
Security Awareness Programme Management
-
Manage all aspects of the organisation’s security awareness training programme, including mandatory quarterly training for all employees.
-
Own the security awareness roadmap and annual campaign calendar, ensuring coverage of key risks and regulatory expectations.
-
Ensure awareness programme coverage across divisional and regional locations, including coordination of local delivery and site visits.
-
Manage and administer the Proofpoint Security Awareness Platform, including:
-
Training modules
-
Phishing simulations
-
Reporting and metrics
-
Work with HRIS teams to deliver quarterly and ad‑hoc security training through Workday.
-
Respond to and manage reported phishing emails via PhishAlarm, ensuring appropriate handling and feedback to users.
-
Deliver monthly security awareness induction training for all new starters.
-
Run regular awareness webinars, lunch‑and‑learn sessions, and other in‑person and virtual briefings.
-
Select, deploy, and deliver role‑specific training for specialist job functions such as IT, Finance, HR, and other high‑risk roles.
-
Run role‑specific awareness sessions, highlighting risks and attack scenarios relevant to specific job functions.
-
Propose, design, and implement novel awareness initiatives (e.g. competitions, quizzes, games) to improve engagement and effectiveness.
Phishing & Human Risk Testing
-
Own and manage the phishing testing programme, including:
-
Regular phishing simulations
-
Analysis of results and trends
-
Targeted follow‑up training for repeat failures
-
Escalate risky user behaviour and repeat failures to line management in line with agreed processes.
-
Work with SecOps and Incident Response teams to incorporate real‑world attack patterns into testing and training.
-
Set up and manage restrictions on access to Uniphar resources for persistent failures
Physical & Behavioural Security Audits
-
Conduct physical USB testing (e.g. trojan USB drops) to assess user behaviour.
-
Perform clean desk audits across office locations.
-
Conduct unattended workstation locking audits and report findings.
-
Use audit outcomes to inform targeted awareness campaigns and improvements.
Awareness Communications & Campaigns
-
Manage the Cybersecurity Intranet site, publishing regular security awareness updates and guidance.
-
Design, procure, and distribute physical and digital awareness media, including:
-
Posters
-
Stickers
-
Digital signage
-
Deliver regular themed security awareness campaigns across all channels (physical media, desktop messaging, training modules).
-
Lead the organisation’s October Security Awareness Month, including:
-
Campaign planning
-
Training
-
Quizzes, games, and surveys
-
Engagement reporting
Metrics, KPIs & Continuous Improvement
-
Produce regular metrics and reporting on:
-
Training completion rates
-
Programme reach
-
Phishing simulation results
-
Engagement and effectiveness
-
Meet and report against defined KPIs for programme effectiveness.
-
Conduct user surveys to gather feedback and measure awareness maturity.
-
Incorporate survey results, metrics, and incident data into continuous programme improvements.
Collaboration & Stakeholder Engagement
-
Work closely with IT and SecOps to maximise delivery of security awareness messaging to end users, including:
-
System notifications
-
Pop‑ups and warnings
-
Desktop backgrounds and banners
-
Coordinate with divisional IT and communications teams to localise awareness delivery.
-
Carry out divisional and regional site visits to distribute materials and deliver local workshops.
Skills & Experience
Essential
-
Minimum of 5 years’ experience in IT, Information Security, learning development or related role
-
Proven experience delivering security awareness, training, or behavioural risk programmes.
-
Strong understanding of phishing, social engineering, and human‑centric cyber risks.
-
Experience managing awareness platforms and learning delivery tools.
-
Strong communication and presentation skills.
-
Ability to engage effectively with both technical and non‑technical audiences.
Please note that Uniphar is an equal-opportunity employer; we do not discriminate and welcome all responses. #uniphargroup