SAT Practice Lead

Third Party Platform Sdn Bhd

Kuala Lumpur

On-site

MYR 100,000 - 150,000

Full time

Yesterday

Job summary

A leading cybersecurity firm in Kuala Lumpur is seeking a Security Awareness and Training Lead to deliver comprehensive security training and awareness initiatives. The ideal candidate will possess a bachelor's degree in Information Technology or Cybersecurity, with a minimum of four years of relevant experience, including leadership roles. Responsibilities include developing training content, managing cybersecurity campaigns, and ensuring compliance with security standards. This role promises a competitive salary and bonus structure, emphasizing a strong security culture within the organization.

Benefits

Competitive salary
Bonus structure
Equal opportunity employer

Qualifications

  • Minimum of 4 years in cybersecurity awareness and training.
  • At least 1 year in a leadership position.
  • Experience with phishing simulation tools.

Responsibilities

  • Deliver security awareness and training initiatives.
  • Plan and execute cybersecurity campaigns.
  • Monitor training completion rates.

Skills

Developing and implementing security awareness strategies
Security project management
Data analysis and problem-solving
Interpersonal skills

Education

Bachelor's degree in IT, Cybersecurity, or related field

Tools

KnowBe4
Power BI

Job description

Third Party Platform Sdn Bhd – Kuala Lumpur, Kuala Lumpur

Overview

As the Security Awareness and Training Lead, you will be accountable for delivering security awareness and training initiatives that support a strong security culture in a regulated environment. The role focuses on ensuring employees understand their security responsibilities, contributing to risk reduction and compliance outcomes through targeted education, effective communication, and measurable awareness programs.

Key Responsibilities
  • Awareness & Engagement
    • Develop, refresh, and publish security awareness content on a regular basis, including newsletters, infographics, digital signage, screensavers, and time‑sensitive security communications.
    • Plan and deliver organisation‑wide cyber awareness campaigns, including annual Cyber Security Month activities and targeted engagement initiatives that strengthen employee understanding of cyber risks and expected behaviours.
    • Promote consistent and timely security messaging that reinforces expected behaviours and organisational security priorities.
    • Ensure awareness initiatives remain aligned with recognised security standards and regulatory expectations (e.g. ISO 27001).
    • Monitor and analyse awareness and training outcomes to identify trends, risks, and improvement opportunities. Use data to guide targeted awareness activities and continuous improvement efforts.
  • Training Delivery & Onboarding
    • Design and deliver security onboarding training for new joiners, ensuring early awareness of security responsibilities and acceptable use expectations.
    • Ensure mandatory security training is assigned, tracked, and completed within required timeframes using awareness platforms such as KnowBe4.
    • Monitor completion rates and follow up with stakeholders to address overdue or non‑compliant training.
    • Refresh learning content to reflect emerging threats, technology changes, and organisational risk priorities.
  • Phishing Simulation & Measurement
    • Plan, execute, and manage quarterly phishing simulation campaigns to assess user susceptibility and behavioural risk.
    • Analyse phishing results and prepare clear, actionable reports for security, GRC, and management stakeholders.
    • Use simulation outcomes to inform targeted training, communications, and continuous improvement initiatives.
  • Governance & Stakeholder Support
    • Work closely with GRC and business stakeholders to support assurance activities related to security awareness and training.
    • Maintain evidence and records required to demonstrate compliance with awareness and training obligations.
    • Provide input into audits and reviews where employee security behaviour and training effectiveness are assessed.
Knowledge of
  • Security awareness, training, and behavioural risk principles, including common social engineering and phishing techniques;
  • Security standards and regulatory expectations relevant to awareness and training (e.g. ISO 27001), and how awareness supports compliance outcomes;
  • Security awareness delivery methods, learning platforms, and phishing simulation tools (e.g. KnowBe4);
  • Metrics and reporting approaches used to measure awareness effectiveness, training completion, and user behaviour trends;
  • Translating security incidents, threat trends, and organisational risks into practical awareness and training content.
Skills in
  • Developing and implementing security awareness and training strategy and solutions;
  • Security project management and planning;
  • Defining problems, collecting and analysing data, establishing facts and drawing valid conclusions;
  • Using judgement and ingenuity in maintaining objectives and technical standards;
  • Working with diverse academic, cultural, and ethnic backgrounds of staff.
Qualifications
  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
  • Minimum of 4 years of experience in cybersecurity awareness and training, with at least a year in a leadership role.
  • Experience with phishing simulation tools and training platforms (KnowBe4 or similar).
  • Excellent communication, project management and interpersonal skills.
Nice to have
  • Advanced degrees or certifications such as CISSP, CISM, or CRISC are an added value.
  • Understanding of industry standards and regulations (e.g., ISO 27001, CIS Controls v8, ASD E8, NIST, Australian Privacy Act 1988, and GDPR) and experience using dashboarding tools (Power BI) is an advantage.
  • Competitive salary and bonus structure

To apply for this position, please upload your resume and a cover letter detailing your relevant experience. Bell Financial Group/Third Party Platform is an equal opportunity employer and encourages applications from candidates of all backgrounds.
