IT Security Culture & Awareness Manager

Introduction to Role

Are you ready to build a security-first culture that protects breakthrough science and the patients who depend on it? As an IT Security Culture & Awareness Manager you will drive measurable cultural change for AstraZeneca globally with sustained adoption of good cybersecurity principles. Leading and delivering cybersecurity training, communications, awareness and employee engagement activity. Supporting security teams globally to develop and mature an engaging and innovative cybersecurity training program.

This role works closely with the AZ IT Security organisation, cyber risk team, NIST and NIS2 programme, global learning and communications teams, data and privacy teams as well as across suppliers, vendors, industry peers and wider security enterprises to identify new cybersecurity education opportunities, communications and learning methodologies.

In this role, you will be responsible for developing and communicating brand compliant, engaging educational messages and campaigns on our internal social media platforms and directly to teams across AstraZeneca. You will be responsible for developing global cyber related training packages which are assigned through global learning management platforms.

Individuals with knowledge or experience of running phishing simulation campaigns and experience of data analytics and Power BI will have an advantage but must otherwise be keen to learn to manage and build training campaigns to test employee responses to phishing and vishing as we deliver our ambitious plans and continue to mature our cybersecurity training and awareness programme.

Experience in delivering impactful digital communications, learning & development content for diverse global audiences and to have excellent written, presentation and verbal skills with fluent English an advantage. Whilst not essential to have previous experience in cybersecurity, you will be eager to learn and build your experience in this area. You are also comfortable in building strong relationships with colleagues across the business and challenging behaviours that may be against our cybersecurity policies.

Typical Accountabilities

• Developing and delivering brand compliant, engaging educational collaterals, communication messages and campaigns and training course content on Workvivo, PageTiger, Synthesia, Articulate Rise, Proofpoint, Degreed and Cornerstone to teams across AstraZeneca.
• Suitability for global and tailored audiences with language translation experience.
• Managing, developing and growing our SecureAZ social space, pages and news and creating a system to track insights, engagement and feedback with effective automation.
• Supporting delivery of continued phishing simulation campaigns in existing tools and working as part of the core project team to transition to new tools whilst working to develop employee facing human risk scores and profiles to measure and track value with more tailored targeted training and awareness based on individual risk scores.
• Attending workshops and meetings with external partners, industry peers, liaising with key stakeholders, and coordinating the review of training materials, language translations, and learning management processes.
• Proposing and delivering your own initiatives to help mature our awareness and training programme.
• Monitoring our SecureAZ inbox and responding with advice on cybersecurity questions from employees to agreed SLAs.
• Delivering post incident instructor led training to individuals and small groups.
• Delivering cyber moment refreshers and reminders in small team meetings and at town halls as a small part of larger agendas and with global diverse audiences.
• Working closely and proactively with several teams, including but not limited to IT Security, data information & governance, privacy, physical security, AI, and global communication and learning technology teams to support and align on cybersecurity priorities and messages.

Essential Skills/Experience

• Excellent written, presentation and verbal skills.
• Ability to translate complex information and data into impactful content.
• Strong compliance experience/expertise.
• Attention to detail.
• High levels of drive, energy, resilience and a desire for professional excellence.
• Ability to hold self and others accountable for actions.
• Experience in leading or delivering global change management programs, communication campaigns, digital social media marketing campaigns, learning and development strategies.
• Experience of operating across a large matrix organisation with diverse countries, cultures and languages.
• Confident creating engaging on brand designs in PPT or other suitable tools for short video/multi-media targeted campaigns.
• Able to present to individuals, senior leaders, small team meetings and large town halls key cyber reminders and learning from incident messages.
• Experienced in engaging global workforce through social media channels.
• Experienced in developing learning and development content for diverse global audiences.
• Proven track record to work cross-team in a global environment.
• Ability to seek out and build innovative solutions with new suppliers and/or driving suppliers to propose and develop new innovative solutions.
• Strong change management and team working skills.
• Proven challenge, negotiation and influencing capabilities.
• Strong collaboration and relationship building skills.

Desirable Skills/Experience

• Familiarity with technical concepts in Cybersecurity, infrastructure or applications.
• Experience of operating security standards / frameworks such as ISO27001, NIST 800-53.
• An understanding of the principles of security governance, risk and controls.
• Project or programme management experience.
• Experience in working with data to validate risks and priorities.
• Experience and involvement with major IT Security transformation projects or programmes.
• Experience of developing and running phishing simulation campaigns.
• Experienced in at least 2 of the following: Adobe Creative software (Photoshop, Illustrator, Premiere, After Effects, Audition, InDesign, Animate), Articulate Rise, PageTiger, Synthesia, Degreed, Cornerstone, Power BI, Proofpoint ZenGuide, Workvivo, SharePoint.
• A can-do attitude and eagerness to learn more about employee engagement, learning & development and cybersecurity.
• Confidence in building strong relationships with colleagues across the business and challenging behaviours that are against our cybersecurity policies.
• Experience in cybersecurity is desirable but not essential.
• Understanding of security and human behaviour.
• Understanding of risks and threats in the corporate and cyber security environments, including insider threat and mitigations.
• Consistent track record of working with senior partners to deliver metrics and reporting and programme updates.

Why AstraZeneca?

Here, technology and science come together to open locks that lead to life-changing medicines. This role presents an opportunity to significantly impact AstraZeneca's global cybersecurity posture by helping to build a culture where secure behaviours are embedded into our every day, part of our DNA. An expectation to drive measurable cultural change for AstraZeneca globally with sustained adoption of best in class and industry leading cybersecurity practices, directly supporting the organisation's ability to reduce human cyber risk at scale while enabling the business to operate securely and confidently.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Ready to Make an Impact?

Step into a role where your craft in communications, learning and analytics will shape a security-first culture and protect breakthroughs — bring your expertise and help us reduce human cyber risk at global scale.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.