InfoSec Awareness & Engagement Lead - Banking
Xenon7
Employer Active
Posted 17 hrs ago
Nationality: Any Nationality
Gender: Not Mentioned
Vacancy: 1 Vacancy
Job Description
Roles & Responsibilities
This role is responsible for designing, building, and running an information security awareness and engagement
programme from the ground up. It is not a content creation role. It is a programme lead role combining
marketing strategy, internal communications, vendor management, and behavioural change to shift the security
culture across the bank. The lead owns the full programme: strategy, calendar, content, delivery, vendor sourcing,
measurement, and executive reporting.
Key Responsibilities:
A. Programme Strategy & Design
- Design a holistic, annual InfoSec Awareness Programme covering all staff segments: branch employees, operations, technology, management, and executives.
- Segment the audience and tailor content and delivery methods per segment: role-based risks, language level, digital literacy, and regulatory obligations.
- Apply behavioural science principles (nudge theory, social proof, loss aversion) to design campaigns that change behaviour, not just increase awareness scores.
- Map programme activities to security pillars, CBE Cybersecurity Framework culture requirements, and PCI DSS awareness obligations.
- Define programme KPIs: phishing simulation click rates, training completion rates, awareness survey scores, and reported incident rates by staff.
B. Communication & Marketing Execution
- Produce and distribute security awareness communications across channels: email newsletters, intranet, digital signage, branch posters, and leadership messages.
- Write copy and design briefs that translate technical security concepts into plain, compelling business language, in Arabic and English.
- Partner with the Marketing function to ensure awareness materials align with the bank's brand guidelines and STEP strategy visual identity.
- Build and maintain an annual awareness calendar aligned to global events (Cybersecurity Awareness Month, Safer Internet Day, World Password Day) and internal milestones.
C. Interactive Activities & Vendor Management
- Source, evaluate, and manage vendors delivering awareness platform services (e.g., KnowBe4, Proofpoint Security Awareness, Terranova, or equivalent).
- Design and run phishing simulation campaigns: configure scenarios, set difficulty progression, manage employee follow-up training, and report results.
- Deliver interactive awareness sessions including workshops, tabletop scenarios, gamified learning, escape room formats, and lunch-and-learn events.
- Organise executive and board-level awareness sessions tailored to cyber risk and governance; these require different content and delivery than general staff campaigns.
- Manage vendor SLAs, budgets, and delivery quality for all third-party awareness service providers.
D. Measurement & Reporting
- Track programme performance metrics monthly: training completion, phishing click rates, awareness survey results, and engagement channel reach.
- Report quarterly to the Head of Engagement and CISO with trend analysis, benchmark comparisons (industry and Egyptian banking sector), and programme adjustments.
- Feed phishing click rate KRI data into the InfoSec KRI dashboard for board-level risk reporting.
- Conduct an annual security culture survey and produce a report with year-on-year trend and action plan.
Desired Candidate Profile
- Minimum 6 years of experience across information security, internal communications, or digital marketing, with at least 3 years specifically in security awareness programme management.
- Proven track record designing and running a security awareness programme in a financial institution; must be able to show measurable outcome improvements (e.g., phishing click rate reduction, training completion uplift).
- Strong Arabic and English written communication skills; content writing is a core part of this role.
- Experience managing awareness platform vendors and phishing simulation tools.
- Understanding of PCI DSS Requirement 12.6 (security awareness education) and CBE culture/awareness obligations.
Preferred Certifications
- SANS Security Awareness Professional (SSAP)
- CompTIA Security+ or equivalent foundational security qualification
- CIM Certificate/Diploma in Professional Marketing or equivalent marketing qualification
Preferred Experience
- Experience in Egyptian banking or Arabic-language corporate communication environments.
- Familiarity with KnowBe4, Proofpoint Security Awareness Training, or Terranova platforms.
- Experience delivering executive and board-level security briefings.
- Background in instructional design or adult learning principles.
Company Industry
- Internet
- E-commerce
- Dotcom
Department / Functional Area
- Finance
- Treasury
Keywords
- InfoSec Awareness & Engagement Lead - Banking