ROLES AND RESPONSIBILITIES
Review the following roles, confirm responsibilities, add roles as needed and confirm team structure, e.g., core vs. extended team. This template is just that – a template you can (and should) change to your needs.
Security Culture Program Governance
As with any other projects and programs you undertake, you should have governance in place. These are the key people who support and own your program, and whom you report to.
Security Culture Program Core Team
This is the main security culture program work group. You may use one person for several roles, although it is usually better to try to have different people for the different roles.
Security Culture Program Optional team members
If your organization are large, you may consider including the following resources in your security culture program, or in each campaign run by your program. Other roles than listed here can be useful too.
Security Culture Program External Team
Provide expertise and guidance regarding specific functions and/ or responsibilities, as well as particular needs and requirements of different departments, systems, locations etc.
Other roles than those listed here can be useful. Consider the people who can provide value to the program, its content and its successful implementation.
Security Culture Campaign Team
A Campaign team is responsible for setting up, implementing and measuring a campaign (usually 12 weeks). This team can be the same as the Program Core Team, or it can be a separate group. The team can be responsible for a single campaign, or a series of campaigns. In larger organizations, you can run several campaign teams in parallel, all reporting to the Program Core Team.
Download template here: Project Team Member Roles and Responsibilities (PDF)