Cyber Human Risk Specialist

Financial Conduct Authority

Regulating financial services firms and financial markets in the UK, https://www.fca.org.uk/careers


Requirements of the role

We regulate financial services firms in the UK, to keep financial markets fair, thriving and effective. By joining us, you’ll play a key part in protecting consumers, driving economic growth, and shaping the future of UK financial services.

The Cyber and Operational Resilience directorate is responsible for enabling secure and resilient regulation within the FCA and PSR – an organisation responsible for protecting all UK consumers and financial markets.

Cyber and Information Resilience (C&IR) is responsible for the management of cyber security at the FCA. The role of cyber security is to protect the FCA’s data and systems from malicious and/or accidental activity, including theft, damage and disruption, so that the FCA can deliver its key business functions. C&IR is part of a Directorate led by our CISO, Director of Cyber & Operational Resilience Division.

This senior associate sits in the People Risk team and is part of the wider Governance and Human Risk team within that directorate. This role will play a key part in shaping our organisation’s approach to identifying and mitigating risks posed by human behaviour, while maintaining our team’s ethos of being friendly and approachable to foster positive relationships across the organisation.

This role is responsible for designing and delivering an innovative programme that empowers employees to make informed security decisions, champion best practices, and design pathways to explain and inform on emerging cyber risks. The role will develop and implement strategies to influence positive and negative behaviours, reduce vulnerabilities and build strong relationships with the organisation.

Role responsibilities

  • Develop and deliver effective and innovative cyber security behavioural-change initiatives that ensure employees understand and own their role in reducing organisational cyber risk, and take responsibility for the ongoing improvement of the programme
  • Own and deliver a stakeholder engagement and management strategy, aligning internal and external stakeholders with best practice and organisational priorities, and manage the team’s relationship with external service providers, including training providers
  • Measure the effectiveness of cyber security risk initiatives using metrics, feedback, and incident data, and continuously analyse human risk factors and refine approaches using insights from our work and from other cyber teams
  • Develop and design a communications and engagement strategy and manage the implementation of that strategy through a series of regular communications and events, including owning and delivering the Cyber Month calendar of events
  • Design and deliver a risk and role‑based training strategy, including tailored training materials, e‑learning and interactive exercises in conjunction with our HR learning team
  • Lead the ethical phishing simulation programme, ensuring realistic scenarios, supportive communications, and a learning‑focused employee experience
  • Manage, grow, and mature the security ambassador network, providing structure, resources, training, and alignment with wider human risk goals
  • Contribute to wider team activities, including inductions, ad‑hoc training, MI reporting, and reactive or proactive security communications


 Location

London, Edinburgh, Leeds

 Contract type

Full time, Permanent

 Profession

Data, Financial Services, IT, Security


 Working pattern

Flexible working, Hybrid

 Closing Date

02/06/2026