Cyber Security Awareness

**Job no**: 526999
**Work type**: full time
**Location**: Sydney, NSW
**Categories**: Information Technology, Cyber
- Employment Type: full time continuing role as a Cyber Security Awareness and Organizational Engagement Lead
- Excellent salary including generous superannuation
- Location: UNSW Kensington Campus (Hybrid Working Opportunities)

**About UNSW**:
UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place.

The Cyber Security Awareness and Organizational Engagement Lead supports the development and implementation of strategies to reducing UNSW’s exposure to human-born cybersecurity risks and drive behavioural change across the end-user community through cyber awareness uplift and effective stakeholder engagement. Responsible for fostering a culture of security awareness across the organization and create a security conscious workforce, this role ensures that all employees understand their roles and responsibilities in protecting the University's information assets.

**Accountabilities**:

- Lead and operationally deliver the design, ongoing development, and execution of a comprehensive cybersecurity awareness program annually, in alignment with the Cyber Security Awareness Strategy.
- Provide strategic leadership in managing and improving UNSW’s security awareness and organisational engagement capabilities.
- Deliver and continually optimise regular security awareness phishing simulation campaigns, including those focused on Exec, Service Desk, Admin, Developer, and Researcher groups, to educate the end-user community on current threats and best practices.
- Lead and manage the delivery of quarterly cybersecurity Communities of Practice (CoP), including but not limited to GRC, vendor security, security awareness, and secure development.
- Create and regularly update training materials, including e-learning modules, workshops, webinars, and other engaging educational content.
- Run periodic presentations delivered by the CISO to Executive Leadership teams of all Business Units.
- Drive the annual Executive-level incident response tabletop or simulation exercise.
- Strategically plan, manage, and deliver the University-wide Cyber Security Summit biannually.
- Continually develop and deliver metrics to measure the effectiveness of security awareness programs and initiatives.
- Assess and report monthly to the CISO on the progress and impact of awareness activities.
- Present insights and recommendations for improvement in cybersecurity awareness and training to stakeholders, including but not limited to senior management, business owners, and broader IT, on a monthly basis through governance forums and other channels.
- Periodically survey staff and relevant stakeholders and adjust programs as needed to improve engagement and effectiveness.
- Manage the Mandatory Cyber Security Training Program, including compliance management and reporting.
- Support the development and dissemination of clear and concise communications during and after security incidents to maintain transparency and trust.
- Deliver proactive communications through Inside UNSW, Viva, IT Wrap, and other channels.
- Lead the biannual Casual Employment program and Graduate rotations within the team.
- Regularly update and improve awareness materials to address emerging threats and evolving organisational needs.
- Engage with senior leadership to secure support and resources for security awareness initiatives.
- Promote a culture of continuous improvement, championing professional standards, innovation, and methods.
- Align with and actively demonstrate the Code of Conduct and Values
- Ensure hazards and risks psychosocial and physical are identified and controlled for tasks, projects, and activities that pose a health and safety risk within your area of responsibility.

**Skills and Experience**:

- 7-10 years of experience in developing and delivering cyber security awareness and training programs.
- Experience working with global consulting firms, large organizations, or government agencies is highly desirable.
- Certifications such as CISM, CompTIA Security+, CRISC, CISSP, CEH or similar are preferred.
- Strong understanding of cyber security principles, practices, and awareness strategies.
- Familiarity with industry-wide security standards and compliance frameworks such as ISO 27001 and NIST.
- Strong project management skills with the ability to manage multiple initiatives simultaneously.
- Strong interpersonal, communication and negotiation skills including ability to develop effective relationships and influence key stakeholders at all levels in the organisation.
- Ability t