This isn’t super scientific but we’ve been keeping tabs on ABC/HRM-specific job titles over the years and here’s what we generally see:
Part 1 – Level/function prefix or suffix
The following prefixes or suffixes:
- Lead (p & s)
- Manager (s)
- Head of (p)
- Director (p & s)
- Advisor (s)
- Instructor (s)
- Principal (p)
- Program Manager (s)
- Specialist (s)
Part 2 – Domain prefix
The following domain prefixes:
- Cyber
- Cybersecurity
- Cyber Security
- Information Security
- InfoSec
- Security
Part 3 – Function descriptor
- Awareness Awareness and Culture
- Awareness and Training
- Awareness & Training
- Awareness, Readiness and Engagement
- Awareness, Training & Advocacy
- Awareness Training and Human Risk Strategy
- Behavioral Engineer
- Behavioural Engineer
- Behavioral Risk
- Behavioural Risk Communication and Awareness
- Culture
- Culture Education and Awareness
- Culture Training and Awareness
- Cyberpsychology Engagement
- Education
- Education and Awareness
- Education, Training and Awareness
- Engagement Governance and Culture
- Human Risk
- Human Risk, Communications
- Human Risk Management
- Psychology & Engagement
- Risk and Awareness
- Risk and Behaviors
- Risk and Behaviours
- Risk Culture
- Safety Awareness Training
- Training and Awareness
- Training & Awareness
- Training and Cyber Awareness
- Training and Education
- Training, Awareness and Outreach
- Training Education and Awareness
NB. This is only a list of ABC/HRM-specific titles i.e. for roles largely dedicated to awareness, behaviour, culture or managing human risk. It doesn’t account for the numerous people who have a much more generic title, and are maybe also responsible for other areas of cybersecurity/infosec.
Last updated 28 Feb 2025
