GROUP CYBER SECURITY AWARENESS ANALYST

The Group Cyber Security Awareness Analyst is responsible for supporting the design, delivery, and continuous improvement of Compass Group’s global cyber security awareness programme. This is a maternity leave cover role focused on ensuring continuity and effectiveness of awareness, phishing simulation, and learning activities.

This role focuses on embedding safer cyber behaviours across the organisation through role-relevant learning, phishing simulations, and targeted guidance. Working closely with Group cyber security and local market technology teams, HR, and external partners, the role ensures security awareness activities are aligned to real business risk and operational priorities.

The role plays a key part in driving measurable behaviour change by using data and insight to continually refine content, targeting, and engagement across Compass Group’s global workforce.

Key accountabilities:

• Security Awareness Programme Delivery: Own and support the ongoing delivery and continuous improvement of the global cyber security awareness programme, ensuring alignment to business risks, threat trends, and operational priorities.
• Phishing & Learning Platform Management: Lead the rollout and day-to-day operation of phishing simulation and learning development platforms. Support market onboarding, define clear operating models, and manage support boundaries and ownership transitions between Group and markets.
• Role-Relevant Guidance & Training: Develop and deliver targeted, role-appropriate guidance and training for employees, leaders, and incident responders to influence safer day-to-day decision-making and consistent reporting behaviours.
• Measurement & Effectiveness: Measure programme effectiveness using meaningful KPIs such as training completion, phishing simulation outcomes, and reporting rates. Use data and insight to identify trends, adjust programme focus, and drive measurable behaviour change.
• Stakeholder Engagement: Work closely with Group and market stakeholders to promote awareness activities, support local adoption, and ensure programmes are relevant, practical, and well understood.
• Continuous Improvement: Stay informed on emerging social engineering techniques and awareness best practices. Continuously refine content, delivery methods, and engagement approaches to maintain effectiveness over time.
• Team Support & Flexibility: Provide support to wider Group cyber security activities where required, assisting with cross-team initiatives, operational priorities, and ad-hoc activities to ensure overall team effectiveness and resilience.

Business Dimensions:

This role supports Compass Group PLC applications and users globally, with a focus on enterprise-wide security awareness and behaviour change across multiple markets. The role reports into the Group Deputy CISO. The role has no direct reports.

Expected Role KPIs:

• Development in line with the Personal Development Plan
• Accurate and insightful reporting
• Timely delivery of awareness campaigns and platform rollouts
• Projects and improvement activities delivered to schedule

Key Skills and Experience

• Experience in cyber security awareness, training, learning platforms, or behavioural change programmes
• Understanding of phishing, social engineering, and human-centric cyber risk
• Experience supporting or operating learning management and phishing simulation platforms
• Strong data analysis skills with the ability to translate metrics into insight and action
• Strong written and verbal communication skills
• Ability to engage effectively with technical and non-technical stakeholders
• Highly organised with strong attention to detail
• Familiarity with security frameworks and standards (e.g. NIST, ISO 27001) is desirable

Possible Next Career Steps:

This role is a cover position focused on maintaining continuity and effectiveness of the Group cyber security awareness programme. While formal progression opportunities may be limited within this role, it provides valuable exposure to global cyber security operations, stakeholder engagement, and behavioural risk management, supporting the development of transferable skills applicable to future roles within cyber security, risk, or technology functions.