Cyber Security Behavioural Science Manager

What’s in it for you

We offer excellent benefits that help make Tesco a great place to work! These include but are not limited to:

• Annual bonus scheme
• Holiday starting at 25 days plus a personal day (plus Bank holidays)
• Retirement savings plan - save between 4% and 7.5% and Tesco will match your contribution
• Life Assurance - 5 x contractual pay
• 24/7 virtual GP service, Employee Assistance Programme (EAP) for you and your family, free access to a range of experts to support your mental wellbeing
• The right to request flexible working from your first day with us
• 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay and we also offer 4 weeks fully paid paternity leave
• Great colleague deals and discounts, saving you money on everyday purchases, eating out and utility bills for the home
• Access to our colleague networks providing a space for colleagues to come together from a range of backgrounds. For more information about our colleague networks please click here
• Opportunities to get on - take advantage of our ongoing learning opportunities and award winning training, to help you achieve the job and career you want

Click Here to read more about the benefits we have available for our colleagues

About the role

As the Sociotechnical Manager, you are accountable for supporting behavioural change and embedding security values in our Tesco culture by developing and implementing comprehensive behavioural and cultural change programs. This includes providing guidance and expertise on all engagements from the Cyber Security team, to ensure simplicity of our ask and optimal behavioural change.

You will be responsible for

• Behavioural science consultation: Develop and execute an organization-wide behaviour change strategy, consulting with wider security engagement and cyber security teams to help improve understanding of why colleagues behave the way they do on security requirements, advising teams on how to support colleagues to effectively stop, start or continue specific actions.     
• Behaviour and culture change: Design, implement and evaluate evidence-based interventions by applying best practice from behavioural science. Leverage the theory and methods of behavioural science while adopting a practical and business-focussed strategy.
• Behavioural diagnosis: Identify the behaviours behind overarching security challenges, extracting the facilitators and barriers that need to change to effectively manage human risks. Monitor and assess the effectiveness of risk reduction/behavioural change initiatives and adjust strategies as needed.
• Choice architecture: Collaborate with subject matter experts to support in developing and delivering cybersecurity technical solutions that are carefully designed to nudge colleagues to make secure decisions. In short, making it easier for colleagues to do the right thing, and harder to do the wrong thing. 
• Security culture development: Design and deliver a security culture observability programme, ensuring we know what the macro, meso and micro cultures are within the business and what contributes to a weak or strong security culture. In turn designing a strategy to foster a strong, positive security culture and feeling of responsibility throughout the organisation, ensuring long term, sustained improvement.
• Metrics: Create and maintain metrics frameworks that can effectively measure and communicate the impact of behavioural change, cultural assessments and human risk reduction.
• Cyber communications: Support comprehensive proactive and reactive communications for security. Providing simple advice and support on good communication and behaviour change practices for security and risk projects, across Tesco.
• Line Management: Provide leadership and guidance to your team to continuously improve the delivery of behavioural change. Identify and drive improvements to the way in which the team operate and deliver behaviour change techniques.

In addition to the above core accountabilities, I am also responsible for:

• Contributing to and supporting the ongoing recruitment and talent development processes for cyber security talent at Tesco
• Driving improvements based on robust data-driven decisions and stakeholder feedback
• Continuously keeping up to date with changing market knowledge and assess new opportunities for behavioural change
• Management of service providers required to deliver my team’s capabilities

Day to day I work closely with:

• Technical Security - Engagement Manager
• General Awareness - Security Engagement Manager
• Security Analysts and Security Engineers
• Product Management teams in Cyber Security

People, budgets and other resources I am accountable for in my job:

• Ownership of maintenance budgets for suppliers, services and software required to deliver and run an effective behaviour change programme at Tesco
• Building and leading a team of around 3 colleagues
• Vendor management

You will need

Operational skills relevant for this job:

• Ability to demonstrate strong written, verbal communication and presentation skills to all levels of seniority and disciplines within the organisation.
• Ability to monitor and evaluate the impact of behaviour change interventions using qualitative and quantitative research.
• Ability to write reports outline the behavioural science of cybersecurity to technical and non-technical audiences.
• Capability to build and lead high-performing teams, fostering a collaborative and inclusive work environment.      
• Good appreciation of behaviour change theory, methodologies and evaluation.

Experience relevant for this job:

• An undergraduate or master’s degree in psychology, behavioural economics, organisational behaviour or related field.
• At least 5 years of relevant work experience in applying behavioural science preferably in large and complex organisations.
• A strong portfolio of behaviour change interventions that demonstrate your ability to design, implement, and evaluate interventions.
• Experience in leading a team.
• A solid understanding of the theories, principles, and methods of behavioural science and experience in how they can be applied to organisational settings.
• A solid understanding of the sociotechnical aspects of cyber security such as people-centric security, the role of human factors and the latest evidence on behaviour change for cyber security (desirable but not essential).

About us

Our vision at Tesco is to become every customer's favourite way to shop, whether they are at home or out on the move. Our core purpose is ‘Serving our customers, communities and planet a little better every day’. Serving means more than a transactional relationship with our customers. It means acting as a responsible and sustainable business for all stakeholders, for the communities we are part of and for the planet.

We are proud to have an inclusive culture at Tesco where everyone truly feels able to be themselves. At Tesco, we not only celebrate diversity, but recognise the value and opportunity it brings. We're committed to creating a workplace where differences are valued, and make sure that all colleagues are given the same opportunities. We’re proud to have been accredited Disability Confident Leader and we’re committed to providing a fully inclusive and accessible recruitment process. For further information on the accessibility support we can offer, please click here.

We’re a big business and we can offer a range of diverse full-time & part-time working patterns across our many business areas, which means that we can find something that works for you.  We work in a more blended pattern - combining office and remote working.  Our offices will continue to be where we connect, collaborate and innovate.  If you are applying internally, please speak to the Hiring Manager about how this can work for you - Everyone is welcome at Tesco.