Cybersecurity Policy Manager
We’re building a team to bring structure and clarity to how cybersecurity work is planned and delivered — and we’re looking for someone who enjoys process thinking, cross-team collaboration and translating high-level requirements into clear, measurable controls.
We are looking for:
A person who can design a measurable, interpretable and implementable cybersecurity program.
Someone who can work across teams, speak both with analysts and business stakeholders, and translate those discussions into concrete, enforceable and measurable policy requirements.
A mature specialist with strong understanding of security governance rather than technical configuration or tooling.
Someone who may later take on management responsibility for another team member.
Apply if you have:
At least 4 years of experience in a similar role, ideally within an internal security or GRC function — with hands-on implementation of security policies and standards in a large/global environment.
Ability to translate high-level requirements from frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS Controls) and domain SMEs into actionable and measurable control objectives.
Practical experience with governance processes related to policies and standards (reviews, approvals, communication, lifecycle management).
Understanding of cybersecurity regulations, including NIS2, and the ability to reflect regulatory requirements in policies and standards.
Broad, cross-domain cybersecurity knowledge at a non-technical, governance-oriented level.
Excellent communication skills in English and strong stakeholder-management skills.
Nice to have:
Certifications such as CISSP, CISM, CRISC.
Experience building and maintaining a structured pipeline for security documentation (creation, updates, retirements).
Understanding of risk-based decision making when developing requirements (e.g. cost/gain ratio, adoption friction).
Interest in regulatory changes and updates to established cybersecurity frameworks.
You'll be joining…
A Cybersecurity GRC team focused on building a consistent, practical and measurable policy & standard framework.
An environment with a defined security roadmap through 2026, covering resilience, application security, standards and documentation, and alignment with NIS2.
A role where you will:
create and maintain policies and standards,
run governance processes across the full document lifecycle,
coordinate work with domain SMEs,
develop and execute a clear plan leading to final publication of documents,
and define measurable controls and reporting mechanisms supporting the overall cybersecurity framework.