Specialist: Cybersecurity Awareness at Road Accident Fund

Key Performance Areas

Cybersecurity Awareness

• Program Development: Design and deploy a dynamic cybersecurity awareness program that addresses current threats, regulatory requirements, and industry best practices.
• Ensure the program is engaging and accessible to all employees, regardless of their technical background.
• Content Creation: Produce a wide range of educational materials, including interactive training modules, newsletters, videos, and presentations tailored to different roles within the organisation.
• Training and Workshops: Organise and conduct regular cybersecurity training sessions, workshops, and webinars for employees, focusing on relevant topics such as phishing, password security, and secure internet practices.
• Phishing Simulations: Plan and execute simulated phishing campaigns to assess employee vulnerability and provide targeted training to improve their ability to identify and report malicious emails.
• Feedback and Improvement: Collect and analyse feedback from training sessions and simulations to continuously improve the cybersecurity awareness program.
• Monitor the latest cybersecurity trends and threats to keep the program up to date.

Auditable Record Keeping

• Implement clear processes and procedures to guarantee the maintenance of auditable records for all security activities under your responsibility.
• Keep precise records of training and simulations.
• Ensure that records are readily available for auditing within the stipulated deadlines.

Policy Review and Implementation

• Contribute to developing and implementing departmental policy, standards & procedures, and processes.
• Keep up to date with effective policy and practice execution strategies.

Reporting

• Track and report on the progress and effectiveness of the cybersecurity awareness program to senior management, including metrics on employee participation and improvement.
• Assist in creating and submitting reports to various governance entities.
• Help establish effective reporting mechanisms for management, projects, or performance insights.
• Consistently offer progress reports and make timely submissions to aid in management decisions.

Cross Functional Collaboration

• Work closely with ICT and HR departments to integrate cybersecurity awareness into the onboarding process for new hires and to develop policies that reinforce a secure organizational culture.
• Work closely with the ICT, Legal, Compliance, HR and L&D departments to define cybersecurity awareness program that meets the organisational needs.
• Deal with inquiries and requests for information from both internal and external stakeholders related to your role.

Draft and Maintain Documented Standards, Processes and Procedures for the Team

• Create comprehensive standards, processes, and procedures for cyber security awareness.
• Keep all related standards, processes, procedures, and supporting documents up-to-date and authorised in accordance with RAF policy and governance frameworks.
• Follow RAF policies, standards, processes, and procedures diligently.

Incident Response and Remediation Management for the ICT Environment

• Support the cyber incident response team by contributing to post-incident reports and lessons learned to incorporate real-world scenarios into the awareness program.
• Thoroughly investigate incidents and apply appropriate corrective actions where necessary to address and resolve issues related to your domain.
• Act promptly to incidents and requests, ensuring resolution within the mandated time frames to comply with legal obligations.
• In the event of a security breach or incident, conduct a detailed investigation, analysis, and review to understand the root cause and impact to RAF users.
• Communicate accordingly to different stakeholders to maintain the right levels of knowledge during incidents.
• Work in close coordination with the rest of the cybersecurity and networks teams to enhance security posture.

Qualifications and Experience

• Bachelor’s Degree/ Advanced Diploma in Information Technology or related qualification.
• ITIL or COBIT will be advantageous.
• Relevant 5 - 7 years’ experience in Information Security related environment with demonstratable experience of running Cyber Awareness Programs.
• Experience with Phishing Simulation Tools such as  KnowBe4, Proofpoint, or PhishMe which allows organisations to create and send simulated phishing emails to employees.
• Experience with Cyber Awareness Learning Management Systems platforms that offer a centralised place for cybersecurity training materials, allowing for the creation, distribution, and tracking of cyber awareness courses and content.