Cedar are supporting a Public Sector client who are looking for an Interim Information Security Training Lead. This role is OUTSIDE IR35 on a contract that will initially run for 6 months with a day rate of up to £500 on offer. This role will be HOME BASED in line with government guidance - should there ever be a requirement to be onsite this will be agreed in advance and any expenses will be covered.
The successful candidate will be required to:
- Maintain the local Training & Awareness strategy, ensuring that any changes/updates are considered and included as necessary.
- Working with internal and external stakeholders, manage the provision and upkeep of Computer Based Training (CBT) content in relation to Information Security objectives.
- Use the Learning Management System (LMS) to provide oversight and reporting on the uptake/completion of Information Security training delivered via CBT content, working with various operational and delivery team leads to drive participation and completion rates.
- Ensure CBT content is refreshed and updated annually, tracking risk appetite and threat landscape with regards to Cyber Security.
- Maintain and keep up to date a range of awareness materials covering Information Security topics, working with the local team leads and management team to facilitate campaign-based activities.
- Work with a defined range of High-Risk User Groups to deliver more specific and tailored training appropriate to their needs, which may include face-to-face/group activities as required.
- Design and run phishing testing campaign activity using the provided solution. This will include the preparation/crafting of test e-mails and the delivery/oversight of the campaign(s) to be run at an agreed frequency throughout the year. This element will also involve the reporting and follow-up activities associated with such tests, including end-user training provision where necessary.
Candidates applying MUST HAVE:
- Recognised certification in Information Security such as CISSP, CISM, CRISC, etc. would be advantageous.
- Understanding of the security of IT systems, networks and applications with consideration for the risks and controls that are commonly associated with people, process and technology in a large global organisation.
- Ability to write in a creative and engaging way seen as a significant advantage, to help bring to life the spirit and intent of the ISMS and training/awareness content.
- Previous experience in developing, maintaining and running a Computer Based Training (CBT) programme that addresses Information Security issues.
- Experience in the creation and running of Phishing simulation tests using tools such as KnowBe4 and/or Microsoft 365, including the delivery of reporting and follow up actions as may be necessary.
- Previous use of a Learning Management System (LMS) as the core platform to determine attendance, completion rates and to manage curriculum-based learning for Privacy & Information Security objectives.
- Desirable experience in the formation and running of cultural change programmes as it relates to Cyber Security in complex public sector organisations.
- Good understanding of the role that GRC plays in the effective implementation and embedding of management systems specifically related to Information Security within a large complex government organisation.
- Ability to establish effective working relationships across the local and wider IT/Business community with demonstrable experience of driving initiatives/campaigns associated with Information Security.
- Strong understanding of the departmental and operational impacts associated with the implementation of security tools/technologies, policies, standards and procedures.