Information Security Cyber Culture Manager (m/f/d)
WARSAW, PL, 00-841
Information Security Cyber Culture Manager (m/f/d)
About the position:
The CyberSecurity Culture & Capability Manager is responsible for developing and embedding a strong cybersecurity culture across the JTI by driving behavioral change, strengthening workforce capability, improving adoption of secure practices, and governing information security communications. The role partners with Change Management, People & Culture (P&C), Learning & Development (L&D), Internal Communications, and Cyber Security teams.
Responsibilities:
- Cybersecurity Culture & Behaviour Change
Develop and execute the enterprise cybersecurity culture and capability roadmap aligned to security strategy.
Establish initiatives that drive measurable changes in cybersecurity awareness, behaviors, and accountability.
Partner with Change Management team to embed security adoption and behavioral reinforcement into business transformation initiatives.
- Capability Development & Learning
Partner with Change Management, P&C and L&D to integrate cybersecurity learning into onboarding, leadership, and development journeys.
Develop role-based security capability pathways.
Oversee modern, measurable cyber security learning programs.
- Security Communications & Engagement
Own and govern information security communications to ensure messaging is curated, consistent, clear,and business aligned.
Develop communication campaigns and editorial governance in partnership with Change Management Team.
Faciliate awareness initiatives, campaigns, and engagement activities.
- Human Risk & Behavioral Reinforcement
Coordinate phishing simulation and social engineering exercises.
Use simulation outcomes to improve learning, communications, and engagement.
Partner with cyber teams to align campaigns to emerging threats.
Measure behavior change and security culture maturity.
- Stakeholder Collaboration, Influence & Continuous Improvements
Build strong partnerships with Change Management, P&C, L&D, Internal Communications, and business leaders.
Act as a trusted advisor to security leadership on culture and adoption.
Define KPIs and reporting for culture, capability, communications, and human risk reduction.
Continuously improve programs using outcomes and insights.
Requirements:
- Bachelor's degree in Cyber Security, Information Technology, Business, Communications, Organizational Development, Learning & Development, Human Resources, Psychology, or a related discipline.
- Postgraduate qualification in Cyber Security, Organizational Change, Communications, Learning, or Business is desirable.
- Relevant certifications are advantageous (e.g., Security awareness,Organizational Change, Learning Design, Information Security).
- 7+ years of experience across cybersecurity, awareness, organizational change, learning, communications, or capability development.
- Experience designing and delivering enterprise-wide security culture or awareness programs.
- Experience deliviering phishing simulation and human risk reduction initiatives.
- Experience partnering with Change Management, P&C, and L&D functions.
- Experience developing executive communications and engagement strategies.
- Experience measuring culture and behavior outcomes using data and metrics.
- Fluent English written & spoken
- Security Culture & Behaviour Change
- Human Risk Management and Phishing Simulation
- Strategic Communications and Content Governance
- Stakeholder Engagement and Influence
- Learning Strategy and Adult Learning Principles
- Organizational Change Management
- Security Awareness Program Design
- Capability Framework Development
- Data Analysis and KPI Reporting
- Program and Portfolio Management
- Executive Communication and Presentation