Information Security Consultant (Education & Awareness) roles...

chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
Hello, so i came across this role recently and it looks pretty new, as in i have never seen dedicated infosec education roles before . I guess with everything going on recently in uk maybe these sort of roles will become the norm. Can you see these type of roles becoming more common?


  • Options
    jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    they are in the US... SETA is the best bang for the buck when looking at reducing your attack surface for phishing. Every organization should have some sort of education and awareness program... depending on the sector and regulatory bodies for it it may be a hard requirement
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • Options
    SoCalGuy858SoCalGuy858 Member Posts: 150 ■■■□□□□□□□
    Plenty of opportunities around! Companies like Wombat, KnowBe4, PhishMe, and even the training and certification organization SANS Institute.

    I interviewed for a position with one of these companies in which the employee designs and manages phishing campaigns for clients (basically a "managed phishing provider").
    LinkedIn - Just mention you're from TE!
  • Options
    DurangoDurango Member Posts: 9 ■□□□□□□□□□
    I'm really interested in the human side of security. I've looked for Security Awareness training/education positions but I rarely see any advertised on any on the job sites. SANS has been promoting the idea of a Security Awareness Officer for several years now. I think it's a great idea but it seems like security awareness programs are the first thing to suffer when budgets get cut.
  • Options
    ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    I haven't seen positions that ONLY deal with that. Information Security Officers are mostly responsible for end user security education and awareness programs. That or they team up with training departments to conduct the training. I guess it depends on how big the company is...

    You could look into consulting gigs that focus on that stuff. I'm sure a lot of companies bring in consultants to help beef up their education programs.
  • Options
    chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    Job in question:

    At Standard Life we care deeply about the safety of our staff, our customers and clients and our operations. We know that the threats against us are many and varied. The Security Strategy, Architecture and Engineering (SSAE) team is part of Standard Life’s Chief Information Security Office and provides specialist security expertise across all of Standard Life. The SSAE team is responsible for setting direction for the CISO, advocating for change and advising business teams on how to design, build and operate services that are fit for the modern workplace. We understand the outside world and the impact it has on our business.

    The Role

    We are looking for a talented consultant to join our fast moving team. This role will suit someone who has already started their career and is eager to take more responsibility for how the organisation manages the threats we face. They will work closely with consultants and architects, building responsibility. As we develop our education and awareness programme they will help shape the overall direction we take. The successful candidate will have a track record of developing compelling messages for a wide variety of business stakeholders.


    Information security consultants support Standard Life business units, helping them identify, understand and manage security risks to the organisation. They build strong relationships across the company to embed local accountability for the safe operation of the business.


    Planning and regular refresh of the security education and awareness programme, covering prioritised content and topics, key messages, target audiences, delivery and communications methods, and a rolling timeline
    Regular assessments of Standard Life’s information security position and recommended improvements
    Advice on the implementation of the information security elements of the Protection of Information & Resilience policy to improve the control environment and avoid the cost of future remediation
    Create eye catching material and rich contentthat is relevant and easy to understand in appropriate formats
    Be able to communicate security messages positively and enthusiastically
    Deliver and coordinate work as part of the security education and awareness programme


    Support the development of the Information Security team as a dynamic and respected area for delivery of strategic change within Standard Life
    Develop security expertise in a complex, rapidly changing environment
    Develop and maintain credibility to support Head of SSAE in embedding good security practice throughout Standard Life
    Build awareness of Standard Life’s changing business environment to be able to identify and advise on the impact of change
    Develop relationships with peers in different business areas, influencing effectively and promoting secure practices
    Maintain security expertise in a complex, rapidly changing environment
    Planning and organising own workload


    Audit, Compliance and Risk


    Skills & Qualifications

    Relevant degree, post graduate qualification or industry experience
    Strong planning skills
    Strong written and verbal communications skills with experience of producing and delivering education and awareness


    Experience working in Information Security
    Experience in Digital, Marketing or Communications
    Recognised professional information security qualification
    Experience of working in the financial services environment
    Ability to communicate complex security concepts in an accessible manner
    Confident and experienced in delivering face to face presentations
    Excellent stakeholder management skills


    Analytical Skills
    Laws, Regulations & Standards
    Managing Risk
    Quality Assurance
    Communication Skills
    Consultancy Expertise
    Build Relationships
    Working Across Boundaries
    Impact & Influence
    Information Seeking
  • Options
    UnixGuyUnixGuy Mod Posts: 4,567 Mod
    I run Education & awareness program (as a small part of my job). I enjoy it but I can't imagine doing it full time to be honest

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • Options
    chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    What do ye think of the job spec above?
Sign In or Register to comment.