The Role
Role Summary
The Group are transforming the way in which the cyber security risk is managed across the group. A new cyber strategy has been agreed; there is a short-term focus on security hygiene and resilience while a multi-year transformation programme is initiated to introduce new and make improvements to existing cyber capabilities and services.
The Cyber Security Culture Manager will be the driving force behind a mission to create a security-first mindset across a global, diverse organisation. This role sets the vision for cyber security culture, embedding security as a core value and shaping behaviours that protect people, processes, and assets. By defining clear goals and delivery roadmap for cultural maturity, it ensures alignment with business objectives, regulatory requirements, and industry best practice.
Reporting to the CISO, this role builds strong relationships with senior leaders and advocates across Group’s divisions, influencing change and creating a unified security posture. Acting as a cultural leader, the role champions continuous improvement, leveraging data-driven insights to strengthen security behaviours and reduce human risk. It fosters collaboration across security teams and business units, enhancing engagement and building a high-performing, values-driven environment. Through compelling communications and thought leadership, the role amplifies the voice of the CISO and ensures security messaging resonates at every level of the organisation.
Success in this role means delivering measurable improvements in security culture—where secure choices are intuitive, risk is reduced at scale, and every colleague feels empowered to navigate cyber threats confidently. This is a unique opportunity to shape the future of security culture and leave a lasting impact on the resilience of a global enterprise.
Role Responsibilities/Accountabilities
Key Responsibilities:
Set the Strategic Vision for Security Culture
• Define and own the long-term strategy for cyber security culture, ensuring alignment with business objectives, regulatory requirements, and industry best practice.
• Establish a clear roadmap for cultural maturity and embed security as a core value.
Drive Continuous Improvement of Security Culture
• Monitor and assess cultural maturity through surveys, KPIs, and behavioural metrics.
• Identify gaps and implement initiatives that strengthen security behaviours and reduce human risk.
• Champion best practices and foster collaboration between security teams and business units.
Enhance the Culture of Security Teams
• Promote a high-performing, collaborative, and values-driven environment within and across the security teams.
• Develop initiatives that improve team engagement, communication, and alignment with the security vision.
• Act as a role model for cultural leadership within the security function
• Plan, coordinate and facilitate Group Cyber Security (GCS) team meetings.
Create and Curate Strategic Content on Behalf of the CISO
• Develop high-quality, impactful content for internal audiences, including executive communications, presentations, and thought leadership pieces.
• Ensure messaging reflects the Groups security vision, priorities, and cultural objectives.
• Collaborate with corporate communications to maintain consistency and clarity in all security-related messaging.
Collaborate with the Global Cyber Security
• Partner with Global Cyber Security peers to ensure cultural initiatives complement technical controls, risk frameworks, and strategic priorities.
• Work closely with the Cyber Transformation Programme and BTS to deploy phishing simulation campaigns and implement tools that uplift cyber culture.
• Align cultural objectives with broader security programmes to deliver a unified and effective security posture.
Stakeholder Engagement and Advocacy
• Build strong relationships with senior leaders, divisional business units, and functional teams to influence and embed security culture.
• Represent the Group in relevant forums, working groups, and industry networks to share insights and adopt best practices.
Measurement and Reporting
• Define KPIs and success metrics for cultural initiatives and report progress to the CISO and senior leadership.
Use data-driven insights to refine strategies and demonstrate measurable improvements in security culture.
Experience, Knowledge, Skills & Attributes
Essential
• Proven experience in cyber security awareness, culture, or behavioural change programs within a large, complex organisation.
• Proven track record of working with senior partners to deliver metrics and reporting and progress updates.
• Strong understanding of human risk factors and security best practices.
• Excellent written, presentation and verbal skills with fluent English (written and verbal).
• Articulate and effective communicator across a range of formats, able to convey complex topics with ease to a variety of audiences and persuade others of the importance of security.
• Build excellent relationships, credibility and influence easily with people at different levels, working to persuade them of the need to work with security in-mind.
Desirable
• Experience of working in a federated environment.
• Experience of operating security standards / frameworks such as ISO27001, NIST 800-53, NIS2.
• Experience and involvement with major Cyber Security transformation projects or programmes
:quality(80))
:quality(80))
:quality(80))