Title : Human Risk Data Analyst
Work Level : 1C
Location : Port Sunlight (would consider 100VE & Kingston)
Reporting into : Tom Pool
Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Marmite, and Lynx. That’s why our purpose as Unilever is ‘to brighten everyday life for all’.
Unilever’s Cyber Security organisation is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organisation runs a 24x7 Security Operations Centre, oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and risk advisory to our business, and assesses the security posture of our vast technology estate, including factories and Research & Development.
What Human Risk do:
- Develop and execute the Cyber Culture & Human Risk strategy at Unilever
- Develop, iterate and measure Cyber Security training to the entire non-Cyber organisation, including office-based, factory and Acquired Businesses, and roll this out in collaboration with our Engagement team
- Shift the perception of the organisation from Training & Awareness to Human Risk
- Monitor and measure the impact of activities via a series of metrics to identify and mitigate Human Risk across the business
- Ongoing benchmarking and review of external, peer companies and the wider security community to ensure Unilever remains aligned to best-in-class standards
- Works closely with wider GDT, business functions and external suppliers to establish two-way dialogue with the operational areas of the business
Job Purpose
A vacancy exists for a Data Analyst, as part of Cyber Security’s Human Risk team, within the Identify and Protect area. This role is tasked with bringing together our numerous data sets from our own team, other Cyber Security teams and wider business, in order to analyse the risk position of our people, both internally and across our extended network.
Human Risk is an approach that focusses on identifying, quantifying, managing and mitigating the human impact on a business with regards to risk and security. As has been seen in the news recently, the need to identify and educate our people is more important than ever as Cyber criminals become more advanced and technology becomes more readily available.
For Cyber Security to make the shift from awareness to Human Risk, we need to get closer to the data, to be able to use a variety of available data sources to identify and spotlight the risks in the business. Using this information, we can then look to manage any of those risk areas by putting in place the right mitigation measures, such as targeted training, to shift the culture of the organisation to a more Cyber safe environment. A closer insight into the data will also allow us to activate role-based training based on business risk, e.g. relevant training for leaders vs. office-based vs. factory.
Key Responsibilities:
- Data Mapping: bring together the variety of data sources we have access to in order to map these in one place.
- Data Visualisation: Using these data sources to create an easily understood overview of people risk so that this can be self-served by our stakeholders, using iterative feedback to build the right solution. There would also be a requirement to build content when required for leadership interventions. Visualisations need to be clear, informative and contextualised for the audience.
- Analysis and Storytelling: There would be an expectation for the individual to identify and highlight key risk areas and bring these to the wider Human Risk team with the right context for interventions either undertaken by the team or through our partners. This would include tracking against required standards such as NIS2.
- Collaboration: Working with the different teams in Cyber Security and outside of the team to bring together the right information in the right way for the right audience at the right cadence.
- Success measures: Analysing our data to identify successful interventions, gaps to target and developing trends to help the team iterate their strategy to respond to internal and external threats.
- External research: It would be preferred if the individual could also run comparisons to the external environment, in alignment with the Threat Intelligence team, to benchmark our interventions accordingly.
- Training: The successful candidate would be expected to work to NIST standards, and any relevant training can be provided by the team if this is a current gap.
Key Skills and Experience
Skills:
- Problem Solving to identify key risk spots and suggesting mitigating actions
- Solution focussed – should be bringing ideas and solutions to the table for review using the right knowledge and acumen
- Data Analytics
- Data Visualisation
- Data Storytelling
- Collaboration to be able to work with teams both inside and outside of Cyber Security
- Excellent written and verbal communication skills
- Stakeholder management and interpersonal skills at both a technical and non-technical level.
- Ability to manage conflicting priorities and multiple tasks.
- Ability to work both independently and in collaboration with international teams.
- Business Acumen to contextualise the data sets for our stakeholders and provide a solution that suits their requirements
- Strong capability in PowerBI and Excel
Experience:
- Previous experience in Data & Analytics type roles
- Demonstrable examples of problem-solving capability
- Demonstrable examples of driving and implementing solutions
- Good experience of influencing stakeholders and managing requirements
- Practitioner of global best practice cyber security standards (e.g., NIST and NIS2), or willing to learn these as part of the role
- Ability to challenge the status quo and provide a fresh perspective to the team
- Implemented or worked with ETL (Extract Transform Load) for data
Behaviours
- Candidates would be required to the following behaviours:
- Care Deeply - Cares deeply about how consumers experience our brands, with a focus on performance.   Inspires the energy needed to win, generating intensity and focus to motivate people to deliver quality results at speed.
- Focus on What Counts – Has the ability to ruthlessly prioritise.  Setting clear and stretching goals delivering the maximum performance impact - Flexes leadership style and plans to meet changing situations with urgency
- Stay Three Steps Ahead – Is able to think boldly and creatively to make breakthroughs in performance. Always curious and confident.  Encouraging experimentation and intelligent risk-taking.