Overview
PURPOSE & IMPACT: This role is known for ...
Leading the security culture programme for Nomad Foods, focusing on transforming employees' awareness of, and approach and behaviour towards, cyber security by delivering and maintaining a comprehensive cyber-security behaviour-change programme that reduces human risk by changing key risk behaviours.
Aligned to the IT Security organisation, Cyber Risk and working closely with suppliers, vendors, industry peers and wider security enterprises to identify new techniques and methods to improve our cyber security culture.
Leveraging expertise in learning, behaviour change and communication to educate and empower employees to navigate cyber risks safely and effectively.
Responsibilities
* Work closely with Cyber, IT and Risk teams to understand and prioritise human cyber risks. Engage with the wider Nomad business beyond IT to understand specific and unique risks based on different business areas and locations.
* Conduct such analysis (e.g. interviews, questionnaires, focus groups), as necessary, to deepen understanding of Nomad Foods' general security culture and specific risk behaviours.
* Add to the existing understanding of Nomad Foods' general security culture and any specific risky behaviours.
* Accountable for the development and delivery of the Nomad cyber security educational programme ranging from personal cyber hygiene to business processes.
* Support the creation and communication of end user security policies.
* Maintain an up-to-date security portal, ensuring an informative and easy-to-navigate security resource for Nomad people.
* Collaborate with cyber and IT to craft and implement technical solutions that nudge employees towards making secure choices more naturally, thereby simplifying secure actions and complicating insecure ones.
* Track and report on key performance indicators (KPIs) to measure the effectiveness of the security awareness and culture programme.
* Identify high-risk user groups and develop targeted security awareness training based on their roles and requirements.
* Develop specific security training and awareness material for key events (such as the creation of a new function, opening of a new office, acquisition, etc.), or for events relating to an individual (joining, changing roles, taking on management responsibility, etc.).
* Develop, deliver and report on phishing simulation campaigns / assessments.
* Own and manage the relationship and engagement with external training content providers and ensure industry-leading materials are provided and uploaded into the Learning Management System (LMS).
* Deliver required security training to Board members aligned with requirements for NIS2. Represent Nomad in key working groups and user groups to ensure Nomad is remaining abreast of Cyber Security regulations.
* Develop and deliver security training sessions, webinars, newsletters, and campaigns to raise awareness and promote best practices.
* Build and maintain good links with corporate communication colleagues to ensure security messages are included as appropriate in corporate announcements, articles and briefs.
* Develop and support a network of Cyber Advocates to help reinforce cyber security messages and behaviours across the organisation. Develop the Cyber Advocate network, who will constructively challenge and support the central security team's work; feed back and share problems, discuss solutions, and help to deliver effective security outcomes in their local areas. Establish the governance and drive the initiative forward.
* Support the maturity and reporting against the NIST CSF (Control PR.AT-1) and deliver an evidence-based metrics and scoring framework to measure the success of the programme against culture change.
Qualifications
* An undergraduate or master's degree in information and cyber security, psychology, behavioural economics, organisational behaviour, marketing, adult education, or a related field, or equivalent work experience.
* A solid understanding of the sociotechnical aspects of cyber security such as people-centric security, the role of human factors and the latest evidence on behaviour change for cyber security.
* A solid understanding of the theories, principles, and methods of behavioural science and experience in how they can be applied to organisational settings.
* An understanding of security principles, frameworks, standards, and best practices, such as NIST and ISO.
* Proven relevant work experience in applying behavioural science preferably in large and complex organisations.
* A strong portfolio of behaviour change interventions that demonstrate ability to design, implement, and evaluate interventions.
* Skilled in monitoring and evaluating the effectiveness of behaviour change initiatives through both qualitative and quantitative research methods.
* A certification in security awareness (SANS Security Awareness Professional (SSAP) or similar) is preferred.
* Relevant qualifications in Training, Communications, or Marketing.
* Experience in managing a champions community.