Mission Context
The assignment is positioned in the CoE Security ‘Security Awareness & Training’ team. The principal responsibilities of this team are:
– at least nurture basic security hygiene for all populations by creating awareness around typical security pitfalls (applicable to them) such as weak passwords, storing sensitive data in the cloud, opening unsafe attachments in an email;
– for the Bank’s ‘Key Pockets of Risk’ (such as staff vulnerability to phishing attacks) go beyond creating ‘mere’ awareness and ensure that our employees are effectively able to recognize and react responsibly towards cybersecurity threats by e.g. running punctual tests; recognize successes and address failures as part of continuous improvement.
– have cybersecurity rooted in our DNA, i.e. rooted in the responsibilities, the attitude and the daily functioning of all levels of staff.
The key objective of this assignment is to develop and deliver strategies, methodologies, communications campaigns and training plans to develop and foster a culture of security across the bank, empowering users to take appropriate action as security risks arise.
Function Description
Responsibilities and main tasks:
– Work with the security teams to identify top human risks to our organization and the behaviors we need to change to manage those risks
– Develop a positive and comprehensive security awareness and training program (a.o. approach, goals, and objectives) that engages people and encourages behavioral change
– Identify if any roles require additional or more specialized training and ensure those roles receive it
– Ensure that our program is effectively changing these behaviors and drive the program towards maturity (a.o. repeatable, efficient, and lean processes)
– Create a metrics framework that can effectively measure and communicate transparently on the impact of the program
– Ensure the program is in line with most relevant industry regulations, standards, and compliance requirements
– Structure and maintain this program to be long-term, so that we ultimately embed cybersecurity in our corporate DNA
– Serve as a consultant/advisor to security domain owners and support them with their communication and training needs
– Act as a ‘capability owner’ within the bank and coordinate cross-team/-departments/-entity to ensure alignment and consistency
– Research and study advancements in educational technologies and methods
– Continually work with and learn from our security team/experts and stay current with the latest cybersecurity concepts, terminology, and risks
Professional Experience
– Project management experience: ability to plan, manage and maintain a complex and bank-wide program over the long term
– Familiar with the financial services industry
– Exposure to cybersecurity topics
Soft Skills
– Excellent communication skills: ability to communicate complex messages in a simple, clear, and engaging manner with all levels within the organization
– Desire to learn and integrate new methods/technologies to further enhance behavioral change / deep learning
– Resilience and flexibility to explore different paths to achieve the desired outcome
– Highly organized and able to multi-task and manage concurrent deadlines
– Take initiative, reach out to and coordinate cross-team and departments
– Good analytical and synthesis skills
– Quick self-starter, pro-active attitude
– Autonomy, commitment, and perseverance
– Ability to work in a dynamic and multi-cultural environment
– Ability to overcome set-backs and difficulties; seeks (and finds) solutions
– Excellent writing skills; must be able to write a high-quality synthesis for Sr. management