Group Cyber Security Culture & Awareness Manager

at  Cognita Schools

ABOUT COGNITA

Cognita is a global leader in independent education. Founded in 2004, we are a growing community of 100+ schools in 16 countries - in Europe, North America, Latin America, Asia and the Middle East - serving more than 85,000 students. Each of our schools are proudly unique, however our collective purpose is to create an environment where everyone can, ‘Thrive in a rapidly evolving world’.

WHO WE ARE LOOKING FOR:

The ideal candidate should have a strong understanding of cyber security best practices and industry standards, excellent communication, presentation, and interpersonal skills to effectively connect with audiences and influence stakeholders. Proficiency in preparing communications, reports, presentations, and other deliverables using Microsoft Word, Excel and PowerPoint, with a keen eye for design and detail. They should be creative and imaginative, with a pragmatic approach to security, and possess strategic planning abilities with a hands-on approach to implementing change. An understanding of risk-based approaches for culture and awareness strategy and planning, along with the ability to coordinate major security incident response communication processes.
The candidate must work collaboratively with cross-functional teams, manage diverse drivers and personalities, and be receptive to constructive feedback. Being self-motivated, collaborative, and calm under pressure, with up-to-date knowledge of the latest IT and cyber security trends is vital.
Desirable skills include experience with the Microsoft Security stack, Power BI, graphic design, video editing, project management, and knowledge of common security management frameworks. Relevant professional qualifications and experience in developing and delivering cyber security culture and awareness programs in large global organisations are essential, while experience in the educational sector and decentralised global business models is desirable.

ABOUT THE ROLE

The Group Cyber Security Culture & Awareness Manager is a key leadership role focused on transforming the organisation’s approach to cyber security. We seek an innovative candidate to promote best practices and foster positive security behaviours among staff and students. This role requires creativity and strategic problem-solving to address the unique challenges of a diverse, multi-regional organisation. Success will involve delivering consistent messaging while meeting local needs, ultimately reducing security risks and protecting digital assets. The ideal candidate will thrive in a dynamic, high-growth environment with a commitment to using technology to enhance student success.

WHAT YOU WILL BE DOING:

In your new role you will be evolving, managing, and delivering an enterprise-wide, risk-based information security culture, awareness, and engagement strategy to support the ongoing security culture transformation initiative. This includes collaborating with regional teams, schools, and other stakeholders to ensure security messages are effectively communicated and understood across all levels of the organisation, requiring flexibility, creativity, and clear messaging to foster a consistent, security-first culture. Additionally, the role entails collaborating with key strategic vendors to manage deliverables and outputs related to security culture and awareness initiatives, ensuring alignment with industry regulations, standards, and compliance requirements. Responsibilities also include designing, developing, and delivering engaging cyber security training materials tailored to various employee and student groups, simplifying complex security concepts for non-technical staff, and enhancing the existing phishing simulation programme to raise awareness of phishing risks.
This role supports the development and communication of new policies and processes, staying updated on the latest cyber security threats and trends to ensure training content remains relevant and impactful, and exploring new security training techniques and technologies. Furthermore, it involves strengthening and engaging the existing group of Cyber Security Champions, leading and executing awareness campaigns, addressing communication challenges in a decentralised organisation, regularly updating the Group Cyber Security Intranet pages, and delivering clear communications during security incidents. Managing the Group Cyber Security mailbox and providing timely support to the business is also essential. Finally, the role includes developing key performance indicators (KPIs) and other metrics to assess the effectiveness of security awareness initiatives, preparing and delivering Management Information (MI) reports, and supporting the Group Cyber Security leadership team in preparing cyber security presentations for senior business stakeholders.