Efforts to reduce human risk have met little success; they focus on security awareness and training and are led by staff several levels below the CISO who are not doing it on a full-time basis. Organizations that are starting to take a more holistic approach to reducing human risk create a more senior and strategic role that reports directly to the CISO: the director of cybersecurity influence and engagement. This person influences security behavior change, promotes security’s role across the organization, and instills a security culture. Security leaders can use this report to create a job description for their director of cybersecurity influence and engagement, guide recruitment, and attract the right talent.