Job Description
The Role:
As a member of the Information Security team, the Cyber Human Factors Manager designs and operates a framework and methodology to manage risks related to cyber security human factors and behaviour, leads the lifecycle management of Information Security policies, and defines and reports metrics that enable decision‑making on cyber behaviours and culture across the organisation.
This role is crucial in ensuring cybersecurity efforts are aligned with human behaviour and organisational culture, strengthening the overall security posture and reducing human‑related cyber risk.
Responsibilities will include:
Human Factors Policy & Governance
- Develop, maintain, and continuously improve policies related to human factors in cybersecurity, aligned to recognised good practice (including the NIST Cybersecurity Framework).
- Ensure policies are comprehensive, current, and effectively communicated across the organisation.
- Partner with Legal and Compliance to ensure policy content meets relevant regulatory and organisational requirements.
Security Awareness, Training & Behavioural Change
- Design, implement, and manage cybersecurity training programmes for employees at all levels, ensuring content is engaging, role‑appropriate, and effective.
- Operate defensive phishing campaigns and other human‑factors security testing activities to measure and improve user behaviour.
- Coordinate with departmental leaders to tailor training and interventions based on role‑specific risk profiles and business needs.
- Monitor training outcomes and continuously improve methodologies based on feedback, metrics, and evolving threats.
Cyber Behaviour Metrics, MI & Reporting
- Define key metrics to assess cyber behaviours and security culture across the organisation.
- Implement methods to collect and analyse data on employee compliance, training completion, policy adherence, and human‑related security incidents.
- Produce regular dashboards and reports that identify trends, vulnerabilities, and improvement actions for leadership audiences (including the CISO).
- Collaborate with IT and Security teams to integrate behavioural metrics into overall cyber risk assessments and reporting.
Human‑Related Risk Identification & Mitigation
- Identify and assess human‑related cybersecurity risks and vulnerabilities across the business.
- Develop mitigation strategies using a combination of technology controls, policy, process, and training interventions.
- Conduct regular reviews, risk assessments, and assurance activities to evaluate the effectiveness of human‑risk mitigations and recommend improvements.
Cross‑Functional Collaboration & Incident Learnings
- Work closely with IT, HR, Operational Resilience, Governance and other relevant teams to embed human factors into security initiatives and organisational change.
- Partner with incident response teams to analyse human‑related contributors to incidents and ensure lessons learned are translated into sustainable behavioural improvements.
- Participate in cross‑functional projects to ensure human‑centric security requirements are addressed from design through to adoption.
Skills and Experience
- Bachelor's degree in cybersecurity, psychology, human factors, or related field, or demonstrable equivalent knowledge.
- Proven experience in cybersecurity, with a focus on human factors, behaviour analysis, or organisational psychology.
- In-depth knowledge of the NIST Cybersecurity Framework and other relevant industry standards.
- Strong understanding of human behaviour, cognition, and decision-making processes in the context of cybersecurity.
- Experience developing and implementing cybersecurity policies and training programmes.
- Proficiency in data analysis and the ability to derive insights from complex datasets.
- Excellent communication and interpersonal skills, with the ability to engage with stakeholders at all levels of the organisation.
- Desirable to have relevant certifications such as CISSP, CISM, or CIPM.
About Us
Our benefits
We offer all employees a comprehensive benefits package that focuses on their whole wellbeing. This includes hybrid working, a competitive base salary, non-contributory pension, discretionary bonus, insurances including health (family) and dental cover, and many other benefits to enhance financial, physical, social and psychological health.
About Canopius
Canopius is a global specialty lines (re)insurer. We are one of the leading insurers in the Lloyd’s of London insurance market with offices in the UK, US, Singapore, Australia and Bermuda.
At Canopius we foster a distinctive, positive culture which enables us to bring our whole selves to work to flourish as people, and build a business which delivers profitable, sustainable results.
Based in incredible new offices in the heart of the City of London, Canopius operates a flexible, hybrid working model and is committed to providing an environment that challenges employees to be their best and where everyone's unique contributions are recognised, valued and respected.
We are fully committed to equal employment opportunities for all applicants and providing employees with a work environment free of discrimination and harassment. All employment decisions are made regardless of age, sex, gender identity, ethnicity, disability, sexual orientation, socio-economic background, religion or beliefs, marital or caring status, or any other status protected by the laws or regulations in the locations where we operate. We encourage and welcome applicants from all diverse backgrounds.
We make reasonable adjustments throughout the recruitment process and during employment. Please let us know if you require any information in an alternate format or any other reasonable adjustments.