JustJoin.IT Remote work Mid

Cybersecurity Policy Manager

Link Group

⚲ Warszawa

160 - 190 PLN/h net (B2B)

Requirements

  • internal security
  • GRC
  • Cybersecurity
  • NIS2

Job description

Cybersecurity Policy Manager

We’re building a team to bring structure and clarity to how cybersecurity work is planned and delivered — and we’re looking for someone who enjoys process thinking, cross-team collaboration and translating high-level requirements into clear, measurable controls.

We are looking for:

  • A person who can design a measurable, interpretable and implementable cybersecurity program.
  • Someone who can work across teams, speak both with analysts and business stakeholders, and translate those discussions into concrete, enforceable and measurable policy requirements.
  • A mature specialist with strong understanding of security governance rather than technical configuration or tooling.
  • Someone who may later take on management responsibility for another team member.

Apply if you have:

  • At least 4 years of experience in a similar role, ideally within an internal security or GRC function — with hands-on implementation of security policies and standards in a large/global environment.
  • Ability to translate high-level requirements from frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS Controls) and domain SMEs into actionable and measurable control objectives.
  • Practical experience with governance processes related to policies and standards (reviews, approvals, communication, lifecycle management).
  • Understanding of cybersecurity regulations, including NIS2, and the ability to reflect regulatory requirements in policies and standards.
  • Broad, cross-domain cybersecurity knowledge at a non-technical, governance-oriented level.
  • Excellent communication skills in English and strong stakeholder-management skills.

Nice to have:

  • Certifications such as CISSP, CISM, CRISC.
  • Experience building and maintaining a structured pipeline for security documentation (creation, updates, retirements).
  • Understanding of risk-based decision making when developing requirements (e.g. cost/gain ratio, adoption friction).
  • Interest in regulatory changes and updates to established cybersecurity frameworks.

You'll be joining…

  • A Cybersecurity GRC team focused on building a consistent, practical and measurable policy & standard framework.
  • An environment with a defined security roadmap through 2026, covering resilience, application security, standards and documentation, and alignment with NIS2.
  • A role where you will:
      • create and maintain policies and standards,
      • run governance processes across the full document lifecycle,
      • coordinate work with domain SMEs,
      • develop and execute a clear plan leading to final publication of documents,
      • and define measurable controls and reporting mechanisms supporting the overall cybersecurity framework.