Financial Conduct Authority

Cyber Human Risk Specialist

Financial Conduct Authority  •  £43k - £63k/yr  •  London, GB (Remote)  •  6 days ago

Job Description

Cyber Human Risk Specialist


Division: Operations
Department: Cyber and Information Resilience

  • Salary: National (Edinburgh and Leeds) ranging from £43,300 - £60,000 and London from £46,400 - £63,000 (salary offered will be based on skills and experience)

  • This role is graded as: Senior Associate – Corporate

  • Your internal recruitment contact is Fizah via fizahfarouk.ibrahim@fca.org.uk

  • Your external recruitment contact is Raimonda via raimonda.stankute@fca.org.uk

  • Applications must be submitted through our online portal. Applications sent via social media or email will not be accepted

About the FCA and team

We regulate financial services firms in the UK, to keep financial markets fair, thriving and effective. By joining us, you’ll play a key part in protecting consumers, driving economic growth, and shaping the future of UK finance services.

The Cyber and Operational Resilience directorate is responsible for enabling secure and resilient regulation within the FCA and PSR – an organisation responsible for protecting all UK consumers and financial markets.

Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. The role of cyber security is to protect the FCA's data and systems from malicious and/or accidental activity, including theft, damage and disruption, in order that the FCA can deliver its key business functions. C&IR is part of a Directorate led by our CISO, Director of Cyber & Operational Resilience Division.

This senior associate sits in the People Risk team and is part of the wider Governance and Human Risk team within that directorate. This role will play a key part in shaping our organisation’s approach to identifying and mitigating risks posed by human behaviour, while maintaining our team’s ethos of being friendly and approachable to foster positive relationships across the organisation.

This role is responsible for designing and delivering an innovative programme that empowers employees to make informed security decisions, champion best practices, and design pathways to explain and inform on emerging cyber risks. The role will develop and implement strategies to influence positive and negative behaviours, reduce vulnerabilities and build strong relationships with the organisation.

Role responsibilities

  • Develop and deliver effective and innovative cyber security behavioural-change initiatives that ensure employees understand and own their role in reducing organisational cyber risk; and have responsibility for the ongoing improvement of the programme

  • Own and deliver a stakeholder engagement and management strategy, aligning internal and external stakeholders with best practice and organisational priorities and manage the team’s relationship with external service providers, including training providers.

  • Measure the effectiveness of cyber security risk initiatives using metrics, feedback, and incident data, and continuously analyse human risk factors and refine approaches using insights from our work and from other cyber teams

  • Develop and design a communications and engagement strategy and manage the implementation of that strategy through a series of regular communications and events; including owning and delivering the Cyber Month calendar of events.

  • Design and deliver a risk- and role-based training strategy, including tailored training materials, elearning and interactive exercises in conjunction with our HR learning team

  • Lead the ethical phishing simulation programme, ensuring realistic scenarios, supportive communications, and a learning-focused employee experience

  • Manage, grow, and mature the security ambassador network, providing structure, resources, training, and alignment with wider human risk goals

  • Contribute to wider team activities, including inductions, ad hoc training, MI reporting, and reactive or proactive security communications

Skills required

Minimum:

  • Demonstrative experience of designing, delivering and managing effective cyber security behavioural change initiatives

  • Extensive experience in developing and delivering an effective stakeholder management and engagement strategy

  • Extensive experience working at a strategic level, creating or significantly contributing to organisational strategies and long-term plans

Essential:

  • Experience in delivering innovative and effective cyber security behavioural change campaigns, translating technical topics for a range of audiences and balancing serious topics with a positive and engaging approach

  • Practical experience designing and delivering effective mandatory and bespoke cyber security training programmes that supported organisational culture change

  • Superb communications skills including written effective influence across diverse audiences

  • Demonstrable experience of organising and delivering an engagement strategy, including the delivery of events in a range of formats

  • Well-developed organisational skills and the capacity to prioritise and complete a range of tasks under strict time constraints

Benefits

  • 25 days annual leave plus bank holidays

  • Non-contributory pension (8–12% depending on age) and life assurance at eight times your salary

  • Private healthcare with Bupa, income protection, and 24/7 Employee Assistance

  • 35 hours of paid volunteering annually

  • Hybrid model where employees work a minimum of 40% in the office each month (expectation of 50% for senior leaders). Changing from September to a minimum of 50% in the office each month (expectation of 60% for Directors and Executive Directors) 

  • A flexible benefits scheme designed around your lifestyle

For a full list of our benefits, and our recruitment process as a whole visit our benefits page

Our values and culture

Our colleagues are the key to our success as a regulator. We are committed to fostering a diverse and inclusive culture: one that’s free from discrimination and bias, celebrates difference, and supports colleagues to deliver at their best. We believe that our differences and similarities enable us to be a better organisation – one that makes better decisions, drives innovation, and delivers better regulation.

If you require any adjustments due to a disability or condition, your recruiter is here to help - reach out for tailored support.

We welcome diverse working styles and aim to find flexible solutions that suit both the role and individual needs, including options like part-time and job sharing where applicable.

Disability confident: our hiring approach
We’re proud to be a Disability Confident Employer, and therefore, people or individuals with disabilities and long-term conditions who best meet the minimum criteria for a role will go through to the next stage of the recruitment process. In cases of high application volumes we may progress applicants whose experience most closely matches the role’s key requirements.

Useful information and timelines

Timeline:

  • Job advert close: midnight on the 01/06/2026

  • CV Review/Shortlist: 03/06/2026

  • Face to Face interview 10th and 11th of June 2026

  • Your Recruiter will discuss the process in detail with you during screening for the role, therefore, please make them aware if you are going to be unavailable for any date during this time


About Financial Conduct Authority

We enable a fair and thriving financial services market for the good of consumers and the economy.

We do this by:

- Regulating the conduct of approximately 50,000 businesses

- Prudentially supervising 48,000 firms

Our Head Office is based in London, and we have offices in Edinburgh and Leeds.

Firms and individuals must be authorised or registered by us to carry out certain activities. Before we grant authorisation, firms must demonstrate that they meet a range of requirements. We then supervise these firms to make sure they continue to meet our standards and rules after they’re authorised. If firms and individuals fail to meet these standards, we have a range of enforcement powers we can use.

Industry: Finance & Insurance
Company Size: 5,001-10,000 employees
Headquarters: Stratford, GB
Year Founded: 2013