SRC Manager, Culture & Skill

The Culture & Skill Manager is a hands‑on, execution focused individual contributor responsible for designing, delivering and maintaining the organisation's cybersecurity culture and awareness programme. Operating within the GRC function, this role owns the day-to-day delivery of security awareness campaigns, phishing simulation programmes, learning management system (LMS) administration, and the development of the SRC skills matrix and learning pathways.

This is not a purely strategic role – the individual is expected to be involved in execution, working cross‑functionally with HR, Communications, and business unit stakeholders to embed a strong security culture across the organisation. The role sits within a small, focused team and requires a proactive, self‑sufficient professional who can both design and deliver.

What you’ll be doing

• Design, plan and deliver end‑to‑end security awareness campaigns across the organisation, covering relevant cybersecurity topics and relevant risks for example Artificial Intelligence.
• Manage the annual awareness calendar, ensuring campaigns are timely, relevant and aligned to the organisation's current risk landscape.
• Develop or coordinate with supplier to deliver engaging, audience‑appropriate content across multiple formats (e-learning, video, intranet, posters, newsletters, toolkits)
• Coordinate with Internal Communications, central functions and business unit partners to maximise campaign reach and effectiveness.
• Track and report on campaign engagement metrics and outcomes.
• Own and run the Cyber Champions Network (CCN) across the group, acting as the primary point of contact for Champions across markets, business units and functions.
• Coordinate regular CCN communications, meetings and events to keep Champions engaged and informed.
• Develop toolkits, guides and resources to enable Champions to drive local security culture initiatives.
• Monitor CCN health and participation, and develop strategies to grow and sustain the network.
• Design and execute phishing simulation campaigns using the organisation's chosen platform, ensuring scenarios are realistic, varied and progressively challenging.
• Analyse simulation results, identify trends and at‑risk populations, and develop targeted follow‑up interventions.
• Produce clear, actionable reporting on phishing simulation outcomes for GRC leadership and relevant business stakeholders.
• Administer the organisation's Learning Management System (LMS), including user management, content uploads, course assignments and completion tracking.
• Ensure mandatory security training is assigned, tracked and completed within required timeframes across all relevant populations.
• Troubleshoot LMS issues and liaise with the LMS team or internal IT teams as required.
• Maintain accurate training completion records and produce compliance reporting.
• Develop and maintain the SRC skills matrix, mapping required competencies across GRC, security operations, risk management and compliance disciplines.
• Design role‑appropriate learning paths for SRC team members and, where relevant, for the broader IT and business community.
• Identify skills gaps within the SRC team and recommend targeted development interventions.
• Keep learning paths current by monitoring evolving industry certifications, frameworks and skill requirements.

About you

• 5+ years of experience in cybersecurity, GRC, or IT Risk, with a focus on or strong interest in security awareness, culture and capability development.
• Demonstrated hands‑on experience designing and delivering security awareness programmes or campaigns.
• Experience administering or working within an LMS platform (e.g. LearnUpon, Proofpoint, or similar)
• Practical experience running phishing simulation programmes.
• Familiarity with security awareness frameworks and best practices (e.g. SANS Security Awareness, NIST SP 800‑50, ISO 27001 Annex A.7.2.2)
• Strong written communication and content creation skills.
• Experience working cross‑functionally with HR and Communications teams advantageous
• Certifications (preferred): CompTIA Security+, CISM, ISO 27001 Foundation or equivalent, SANS Security Awareness Professional (SSAP)
• Execution‑focused with strong delivery discipline and attention to detail.
• Creative communicator with the ability to make security topics engaging and accessible to non‑technical audiences.
• Organised and structured, able to manage multiple concurrent campaigns and workstreams.
• Collaborative and relationship‑oriented, with the ability to work effectively with a distributed network of Champions and cross‑functional partners.
• Data‑driven approach to measuring programme effectiveness and driving continuous improvement.
• Self‑sufficient and proactive – comfortable operating with a degree of autonomy and minimal supervision.
• Genuine passion for building security culture and developing people's security capabilities.

Inclusion

We believe in talent, not labels. We focus on the diverse and unique skills our people bring. Our culture of belonging and purpose ensures everyone can thrive and feel engaged. We are proud to be an Equal Opportunity Employer, committed to equity, equal opportunity, inclusion, and diversity.

Accommodations

We are committed to providing an inclusive and accessible recruitment process for all candidates. If you require any additional accommodations or support due to a disability or other special circumstances, please let us know by contacting us. We will work with you to ensure your needs are met throughout the hiring process.