Cyber Human Factors Manager

Job Description

The Role:

As a member of the Information Security team, the Cyber Human Factors Manager designs and operates a framework and methodology to manage risks related to cyber security human factors and behaviour, leads the lifecycle management of Information Security policies, and defines and reports metrics that enable decision‑making on cyber behaviours and culture across the organisation.

This role is crucial in ensuring cybersecurity efforts are aligned with human behaviour and organisational culture, strengthening the overall security posture and reducing human‑related cyber risk.

• Develop, maintain, and continuously improve policies related to human factors in cybersecurity, aligned to recognised good practice (including the NIST Cybersecurity Framework).
• Ensure policies are comprehensive, current, and effectively communicated across the organisation.
• Partner with Legal and Compliance to ensure policy content meets relevant regulatory and organisational requirements.

• Design, implement, and manage cybersecurity training programmes for employees at all levels, ensuring content is engaging, role‑appropriate, and effective.
• Operate defensive phishing campaigns and other human‑factors security testing activities to measure and improve user behaviour.
• Coordinate with departmental leaders to tailor training and interventions based on role‑specific risk profiles and business needs.
• Monitor training outcomes and continuously improve methodologies based on feedback, metrics, and evolving threats.

• Define key metrics to assess cyber behaviours and security culture across the organisation.
• Implement methods to collect and analyse data on employee compliance, training completion, policy adherence, and human‑related security incidents.
• Produce regular dashboards and reports that identify trends, vulnerabilities, and improvement actions for leadership audiences (including the CISO).
• Collaborate with IT and Security teams to integrate behavioural metrics into overall cyber risk assessments and reporting.

• Identify and assess human‑related cybersecurity risks and vulnerabilities across the business.
• Develop mitigation strategies using a combination of technology controls, policy, process, and training interventions.
• Conduct regular reviews, risk assessments, and assurance activities to evaluate the effectiveness of human‑risk mitigations and recommend improvements.

• Work closely with IT, HR, Operational Resilience, Governance and other relevant teams to embed human factors into security initiatives and organisational change.
• Partner with incident response teams to analyse human‑related contributors to incidents and ensure lessons learned are translated into sustainable behavioural improvements.
• Participate in cross‑functional projects to ensure human‑centric security requirements are addressed from design through to adoption.

• Bachelor's degree in cybersecurity, psychology, human factors, or related field, or demonstrable equivalent knowledge.
• Proven experience in cybersecurity, with a focus on human factors, behaviour analysis, or organizational psychology.
• In‑depth knowledge of the NIST Cybersecurity Framework and other relevant industry standards.
• Strong understanding of human behaviour, cognition, and decision‑making processes in the context of cybersecurity.
• Experience developing and implementing cybersecurity policies and training programs.
• Proficiency in data analysis and the ability to derive insights from complex datasets.
• Excellent communication and interpersonal skills, with the ability to engage with stakeholders at all levels of the organization.
• Desirable to have relevant certifications such as CISSP, CISM, or CIPM.

We offer all employees a comprehensive benefits package that focuses on their whole wellbeing. This includes hybrid working, a competitive base salary, non‑contributory pension, discretionary bonus, insurances including health (family) and dental…