hackajob is partnering with Heathrow to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Job Title: Cyber Security Manager, Policy
Working Days and Hours: Monday to Friday, 40 hours per week
Reports to: Head of Cyber Security Governance, Risk & Compliance
Role Purpose
The Cyber Security Manager (Policy) is responsible for creating, developing, maintaining, and publishing a comprehensive suite of cyber security policies, standards, and supporting documentation to ensure regulatory compliance and embed secure-by-design principles across the organisation. The role works across all aspects of the Cyber Security office and collaborates closely with technology, business, and external stakeholders to ensure policies are practical, current, and aligned with legislation, organisational risk appetite, and strategic objectives.
Key Responsibilities
Create, maintain, and continuously improve a comprehensive cyber security policy framework, including policies, standards, procedures, and guidance.
Ensure policy documentation is clear, consistent, accessible, and aligned with organisational objectives and risk appetite.
Act as policy manager, overseeing regular review, approval, version control, and publication.
Embed secure-by-design principles into policy and guidance to support technology, transformation, and business initiatives.
Work with Cyber and Technology teams to ensure policies cover modern architectures, cloud services, digital products, and operational technologies.
Ensure policies align with applicable regulations, industry standards, and best practices such as ISO 27001, NIST, and NIS.
Support regulatory, audit, and assurance activities by providing evidence of policy coverage and maturity.
Collaborate with the wider Cyber Security team to cover all security domains appropriately and proportionately.
Build strong, trusting relationships with internal and external stakeholders, including IT teams, business units, suppliers, and partners.
Gather input from subject matter experts and incorporate feedback to ensure policies are practical and effective.
Promote Cyber Security culture and awareness by ensuring policies are understood and adopted across the organisation.
Assist with policy communication, guidance, and interpretation to encourage consistent understanding and compliance.
Monitor changes in threats, technology, and regulatory expectations to keep policies current and relevant.
Identify gaps, overlaps, and opportunities to improve the policy framework and documentation lifecycle.
Experience and Qualifications
Minimum 5 years’ experience owning and managing Cyber Security or Information Security policy documentation.
Broad Cyber Security experience across multiple domains, such as governance, risk, technology, and operations.
Proven experience collaborating within a team and across organisational boundaries.
Essential Skills
Strong understanding of Cyber Security principles, controls, and governance frameworks.
Ability to develop clear, concise, and well-structured policy and standards documentation.
Ability to translate complex technical and security concepts into accessible, business-friendly language.
Strong stakeholder engagement and relationship-building skills.
Excellent written communication, attention to detail, and organisational skills.
Ability to balance regulatory requirements with practical, risk-based outcomes.
Desirable Skills
Experience aligning policies to recognised standards and frameworks, such as ISO 27001, NIST CSF, and CIS Controls.
Exposure to regulated or complex enterprise environments.
Understanding of secure-by-design and security-by-default concepts.
Experience supporting audits, assurance reviews, or regulatory assessments.
Familiarity with document management or GRC tools.
Education
Degree in Cyber Security, Information Security, Computer Science, or a related discipline, or equivalent professional experience.
Relevant professional certifications or training, such as ISO 27001 Foundation/Implementer, CISMP, CISSP, or CISM, are advantageous.
Our Values
Caring for ourselves and one another, keeping safety, security, and wellbeing front of mind.
Acting with integrity and responsibility in everything we do.
Working together constructively to achieve shared goals and bring out the best in each other.
Valuing diversity, inclusion, and fairness to build trust and enable honest conversations.
Giving excellent service to colleagues, customers, and partners, striving to be the best.
Being ambitious, always improving, learning, and sharing knowledge to achieve the best outcomes.