Information Security Consultant (Education & Awareness) roles...

chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
Hello, so i came across this role recently and it looks pretty new, as in i have never seen dedicated infosec education roles before . I guess with everything going on recently in uk maybe these sort of roles will become the norm. Can you see these type of roles becoming more common?

Comments

  • jcundiffjcundiff Member Posts: 486 ■■■■□□□□□□
    they are in the US... SETA is the best bang for the buck when looking at reducing your attack surface for phishing. Every organization should have some sort of education and awareness program... depending on the sector and regulatory bodies for it it may be a hard requirement
    "Hard Work Beats Talent When Talent Doesn't Work Hard" - Tim Notke
  • SoCalGuy858SoCalGuy858 Member Posts: 150 ■■■□□□□□□□
    Plenty of opportunities around! Companies like Wombat, KnowBe4, PhishMe, and even the training and certification organization SANS Institute.

    I interviewed for a position with one of these companies in which the employee designs and manages phishing campaigns for clients (basically a "managed phishing provider").
    LinkedIn - Just mention you're from TE!
  • DurangoDurango Member Posts: 9 ■□□□□□□□□□
    I'm really interested in the human side of security. I've looked for Security Awareness training/education positions but I rarely see any advertised on any on the job sites. SANS has been promoting the idea of a Security Awareness Officer for several years now. I think it's a great idea but it seems like security awareness programs are the first thing to suffer when budgets get cut.
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    I haven't seen positions that ONLY deal with that. Information Security Officers are mostly responsible for end user security education and awareness programs. That or they team up with training departments to conduct the training. I guess it depends on how big the company is...

    You could look into consulting gigs that focus on that stuff. I'm sure a lot of companies bring in consultants to help beef up their education programs.
  • chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    Job in question:


    At Standard Life we care deeply about the safety of our staff, our customers and clients and our operations. We know that the threats against us are many and varied. The Security Strategy, Architecture and Engineering (SSAE) team is part of Standard Life’s Chief Information Security Office and provides specialist security expertise across all of Standard Life. The SSAE team is responsible for setting direction for the CISO, advocating for change and advising business teams on how to design, build and operate services that are fit for the modern workplace. We understand the outside world and the impact it has on our business.

    The Role

    We are looking for a talented consultant to join our fast moving team. This role will suit someone who has already started their career and is eager to take more responsibility for how the organisation manages the threats we face. They will work closely with consultants and architects, building responsibility. As we develop our education and awareness programme they will help shape the overall direction we take. The successful candidate will have a track record of developing compelling messages for a wide variety of business stakeholders.

    Responsibilities

    Information security consultants support Standard Life business units, helping them identify, understand and manage security risks to the organisation. They build strong relationships across the company to embed local accountability for the safe operation of the business.

    Outputs

    Planning and regular refresh of the security education and awareness programme, covering prioritised content and topics, key messages, target audiences, delivery and communications methods, and a rolling timeline
    Regular assessments of Standard Life’s information security position and recommended improvements
    Advice on the implementation of the information security elements of the Protection of Information & Resilience policy to improve the control environment and avoid the cost of future remediation
    Create eye catching material and rich contentthat is relevant and easy to understand in appropriate formats
    Be able to communicate security messages positively and enthusiastically
    Deliver and coordinate work as part of the security education and awareness programme

    Challenges

    Support the development of the Information Security team as a dynamic and respected area for delivery of strategic change within Standard Life
    Develop security expertise in a complex, rapidly changing environment
    Develop and maintain credibility to support Head of SSAE in embedding good security practice throughout Standard Life
    Build awareness of Standard Life’s changing business environment to be able to identify and advise on the impact of change
    Develop relationships with peers in different business areas, influencing effectively and promoting secure practices
    Maintain security expertise in a complex, rapidly changing environment
    Planning and organising own workload

    Job

    Audit, Compliance and Risk

    Essential

    Skills & Qualifications

    Relevant degree, post graduate qualification or industry experience
    Strong planning skills
    Strong written and verbal communications skills with experience of producing and delivering education and awareness

    Desirable

    Experience working in Information Security
    Experience in Digital, Marketing or Communications
    Recognised professional information security qualification
    Experience of working in the financial services environment
    Ability to communicate complex security concepts in an accessible manner
    Confident and experienced in delivering face to face presentations
    Excellent stakeholder management skills

    Competencies

    Analytical Skills
    Laws, Regulations & Standards
    Managing Risk
    Quality Assurance
    Communication Skills
    Consultancy Expertise
    Build Relationships
    Working Across Boundaries
    Impact & Influence
    Information Seeking
  • UnixGuyUnixGuy Mod Posts: 4,570 Mod
    I run Education & awareness program (as a small part of my job). I enjoy it but I can't imagine doing it full time to be honest
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    What do ye think of the job spec above?
Sign In or Register to comment.