Job Title

Job Title: Cyber Security Awareness Specialist Department: Information Security Group (ISG) Location: REMOTE,1 year CONTRACT Reports To: Head – Cybersecurity Awareness & Training Job Type: Full-time Job Purpose The Cyber Security Awareness Specialist plays a pivotal role in advancing Client's cybersecurity awareness and training initiatives. The position is responsible for embedding a culture of cybersecurity throughout the organization by designing and executing effective awareness programs, ensuring employee engagement, regulatory compliance, and the alignment of awareness initiatives with the bank’s broader security and risk management strategies. Key Responsibilities 1. Training Development and Delivery Design, develop, and implement tailored cybersecurity awareness training programs. Create and deliver engaging content via e-learning modules, videos, infographics, and live/virtual sessions. Continuously evaluate training effectiveness using metrics, surveys, and feedback loops. 2. Awareness Campaigns Plan and execute bank-wide cybersecurity campaigns aligned with global awareness events. Develop communication assets such as posters, newsletters, and email communications. Collaborate with Marketing, HR, and Communications to ensure unified messaging. 3. Phishing Simulations and Assessments Conduct phishing simulation exercises and analyze behavioral responses. Recommend targeted training based on findings and coordinate remediation efforts. Work with risk teams to mitigate human-factor vulnerabilities. 4. Policy Advocacy and Compliance Promote adherence to cybersecurity policies and industry best practices. Act as a liaison between the ISG and business units to clarify policies and gather feedback. 5. Monitoring and Reporting Track performance metrics for awareness initiatives and prepare periodic dashboards. Monitor incidents, user behavior, and campaign data to refine future programs. Stay abreast of threat trends to update content and training themes. 6. Collaboration and Leadership Partner with internal stakeholders including Business Units, Risk, HR, and IT. Serve as a cybersecurity ambassador, promoting a culture of accountability and risk awareness. Provide strategic input into the overall ISG roadmap related to human-centric security. Key Result Areas Increased employee cybersecurity awareness and reduced risky behaviors. Effective alignment of awareness initiatives with security incidents and audit findings. Demonstrated improvement in phishing simulation scores and policy adherence. Consistent and measurable training coverage across departments and geographies. Operating Environment and Framework Operating Scope: Across all Client's locations and digital channels. Regulatory Framework: Compliant with CBUAE, international standards (ISO 27001), and internal ISG policies. Working Relationships: Cross-functional teams including HR, Legal, IT, Business Units, Marketing, Risk, and Audit. Problem Solving & Decision-Making Evaluate and enhance awareness content based on employee behavior trends and threat intelligence. Advise stakeholders on awareness strategy aligned with regulatory and business needs. Recommend and support control implementations for mitigating human risk exposure. Knowledge, Skills, and Experience Essential Requirements: Minimum 10 years of experience in cybersecurity awareness or training roles, preferably in banking/financial services. Deep understanding of cybersecurity principles, emerging threats, and industry best practices. Strong knowledge of compliance and regulatory environments (e.g., CBUAE, GDPR, etc.). Experience with e-learning platforms, video editing tools, phishing simulation tools (e.g., KnowBe4), and gamified training solutions. Skills & Competencies: Excellent communication, presentation, and storytelling skills. Strong analytical, organizational, and project management capabilities. Creativity to craft engaging and accessible learning content. Strategic mindset with the ability to influence across senior stakeholders. Preferred Certifications: Mandatory/Preferred: CISA, CISM, CISSP, CRISC, ISO 27001 LA/LI, or equivalent. Strategic Insight Drive cultural transformation to build cyber risk awareness into employee behavior. Champion continuous improvement and innovation in user education. Influence senior leadership to prioritize security awareness as a strategic pillar of the bank’s cyber defense.