InfoSec Awareness & Engagement Lead
About Andela
Andela exists to connect brilliance and opportunity. Since 2014, we have been dedicated to breaking down global barriers and accelerating the future of work for both technologists and organizations around the world. For technologists, Andela offers competitive long-term career opportunities with leading organizations, access to a global community of professionals, and educational opportunities with leading technology providers.
At Andela, we’re deeply passionate about creating long-lasting and transformative growth opportunities for all - and doing it in an E.P.I.C. way! We’re excited to continue building our remote-first team with incredible people like you. After applying for this role, you will join our Andela Community of brilliant technologists by passing a technical screening and live interview. As a community member, you’ll have access to many exclusive technologist roles. Join Andela today to access this opportunity and more in our global marketplace!
Our roles are typically filled at lightning speed, so if you’re considering applying, get your application in quickly!
-- Full-time
-- Payment in USD
Description
This role is responsible for designing, building, and running an information security awareness and engagement programme from the ground up. It is not a content creation role. It is a programme lead role — combining marketing strategy, internal communications, vendor management, and behavioural change to shift the security culture across the bank. The lead owns the full programme: strategy, calendar, content, delivery, vendor sourcing, measurement, and executive reporting.
RESPONSIBILITIES
A. Programme Strategy & Design
- Design a holistic, annual InfoSec Awareness Programme covering all staff segments — branch employees, operations, technology, management, and executives.
- Segment the audience and tailor content and delivery methods per segment: role-based risks, language level, digital literacy, and regulatory obligations.
- Apply behavioural science principles (nudge theory, social proof, loss aversion) to design campaigns that change behaviour, not just increase awareness scores.
- Map programme activities to security pillars, CBE Cybersecurity Framework culture requirements, and PCI DSS awareness obligations.
- Define programme KPIs: phishing simulation click rates, training completion rates, awareness survey scores, and reported incident rates by staff.
B. Communication & Marketing Execution
- Produce and distribute security awareness communications across channels: email newsletters, intranet, digital signage, branch posters, and leadership messages.
- Write copy and design briefs that translate technical security concepts into plain, compelling business language — Arabic and English.
- Partner with the Marketing function to ensure awareness materials align with the bank's brand guidelines and STEP strategy visual identity.
- Build and maintain an annual awareness calendar aligned to global events (Cybersecurity Awareness Month, Safer Internet Day, World Password Day) and internal milestones.
C. Interactive Activities & Vendor Management
- Source, evaluate, and manage vendors delivering awareness platform services (e.g., KnowBe4, Proofpoint Security Awareness, Terranova, or equivalent).
- Design and run phishing simulation campaigns: configure scenarios, set difficulty progression, manage employee follow-up training, and report results.
- Deliver interactive awareness sessions including workshops, tabletop scenarios, gamified learning, escape room formats, and lunch-and-learn events.
- Organise executive and board-level awareness sessions tailored to cyber risk and governance — these require different content and delivery than general staff campaigns.
- Manage vendor SLAs, budgets, and delivery quality for all third-party awareness service providers.
D. Measurement & Reporting
- Track programme performance metrics monthly: training completion, phishing click rates, awareness survey results, and engagement channel reach.
- Report quarterly to the Head of Engagement and CISO with trend analysis, benchmark comparisons (industry and Egyptian banking sector), and programme adjustments.
- Feed phishing click rate KRI data into the InfoSec KRI dashboard for board-level risk reporting.
- Conduct an annual security culture survey and produce a report with year-on-year trend and action plan.
Mandatory Experience
- Minimum 6 years of experience across information security, internal communications, or digital marketing — with at least 3 years specifically in security awareness programme management.
- Proven track record designing and running a security awareness programme in a financial institution — must be able to show measurable outcome improvements (e.g., phishing click rate reduction, training completion uplift).
- Strong Arabic and English written communication skills — content writing is a core part of this role.
- Experience managing awareness platform vendors and phishing simulation tools.
- Understanding of PCI DSS Requirement 12.6 (security awareness education) and CBE culture/awareness obligations.
Preferred Certifications
- SANS Security Awareness Professional (SSAP)
- CompTIA Security+ or equivalent foundational security qualification
- CIM Certificate/Diploma in Professional Marketing or equivalent marketing qualification
Preferred Experience
- Experience in Egyptian banking or Arabic-language corporate communication environments.
- Familiarity with KnowBe4, Proofpoint Security Awareness Training, or Terranova platforms.
- Experience delivering executive and board-level security briefings.
- Background in instructional design or adult learning principles.
What does success look like in the first 90 days?
- Deliver a 12-month InfoSec Awareness Programme plan with audience segmentation, activity calendar, budget, and KPIs — approved by Head of Engagement and CISO.
- Launch first phishing simulation campaign with baseline click rate established.
- Deploy first all-staff awareness communication and track open/engagement rates.
- Produce vendor shortlist for awareness platform selection with comparative evaluation.
At Andela, we know our strengths lie in our diverse community whose talents, perspectives, backgrounds, and orientations we take pride in. Andela is committed to nurturing a work environment where all individuals are treated with respect and dignity. Everyone has the right to work in a professional atmosphere that promotes equal employment opportunities and prohibits discriminatory practices. Andela provides equal employment opportunities to all employees and applicants without regard to factors including but not limited to race, color, religion, gender, sexual orientation, gender identity, national origin, age, disability, pregnancy (including breastfeeding), genetic information, HIV/AIDS or any other medical status, family or parental status, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state and local laws. This commitment applies to all terms and conditions of employment, including but not limited to hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Our policies expressly prohibit any form of harassment and/or discrimination, as stated above.