About this role
Key Responsibilities: Security Awareness Programme Management
• Manage all aspects of the organisation’s security awareness training programme, including mandatory quarterly training for all employees. • Own the security awareness roadmap and annual campaign calendar, ensuring coverage of key risks and regulatory expectations. • Ensure awareness programme coverage across divisional and regional locations, including coordination of local delivery and site visits. • Manage and administer the Proofpoint Security Awareness Platform, including: • Training modules • Phishing simulations • Reporting and metrics
• Work with HRIS teams to deliver quarterly and ad‑hoc security training through Workday. • Respond to and manage reported phishing emails via PhishAlarm, ensuring appropriate handling and feedback to users. • Deliver monthly security awareness induction training for all new starters. • Run regular awareness webinars, lunch‑and‑learn sessions, and other in‑person and virtual briefings. • Select, deploy, and deliver role‑specific training for specialist job functions such as IT, Finance, HR, and other high‑risk roles. • Run role‑specific awareness sessions, highlighting risks and attack scenarios relevant to specific job functions. • Propose, design, and implement novel awareness initiatives (e.g. competitions, quizzes, games) to improve engagement and effectiveness.
Phishing & Human Risk Testing
• Own and manage the phishing testing programme, including: • Regular phishing simulations • Analysis of results and trends • Targeted follow‑up training for repeat failures
• Escalate risky user behaviour and repeat failures to line management in line with agreed processes. • Work with SecOps and Incident Response teams to incorporate real‑world attack patterns into testing and training. • Set up and manage restrictions on access to Uniphar resources for persistent failures
Physical & Behavioural Security Audits
• Conduct physical USB testing (e.g. trojan USB drops) to assess user behaviour. • Perform clean desk audits across office locations. • Conduct unattended workstation locking audits and report findings. • Use audit outcomes to inform targeted awareness campaigns and improvements.
Awareness Communications & Campaigns
• Manage the Cybersecurity Intranet site, publishing regular security awareness updates and guidance. • Design, procure, and distribute physical and digital awareness media, including: • Posters • Stickers • Digital signage
• Deliver regular themed security awareness campaigns across all channels (physical media, desktop messaging, training modules). • Lead the organisation’s October Security Awareness Month, including: • Campaign planning • Training • Quizzes, games, and surveys • Engagement reporting
Metrics, KPIs & Continuous Improvement
• Produce regular metrics and reporting on: • Training completion rates • Programme reach • Phishing simulation results • Engagement and effectiveness
• Meet and report against defined KPIs for programme effectiveness. • Conduct user surveys to gather feedback and measure awareness maturity. • Incorporate survey results, metrics, and incident data into continuous programme improvements.
Collaboration & Stakeholder Engagement
• Work closely with IT and SecOps to maximise delivery of security awareness messaging to end users, including: • System notifications • Pop‑ups and warnings • Desktop backgrounds and banners
• Coordinate with divisional IT and communications teams to localise awareness delivery. • Carry out divisional and regional site visits to distribute materials and deliver local workshops.
Skills & Experience Essential
• Minimum of 5 years’ experience in IT, Information Security, learning development or related role • Proven experience delivering security awareness, training, or behavioural risk programmes. • Strong understanding of phishing, social engineering, and human‑centric cyber risks. • Experience managing awareness platforms and learning delivery tools. • Strong communication and presentation skills. • Ability to engage effectively with both technical and non‑technical audiences. Please note that Uniphar is an equal-opportunity employer; we do not discriminate and welcome all responses. #uniphargroup