Description
This role sits at the heart of our cyber security capability, shaping the policies and standards that protect the organisation and enable secure innovation. As Cyber Security Policy Manager, you will define and evolve the enterprise security policy framework, ensuring it supports modern technology environments including cloud, digital platforms and operational systems. Working closely with cyber, technology and business leaders, you will ensure security is embedded by design, aligned with industry standards and understood across the organisation. This is an opportunity to influence how cyber security operates at scale while driving a strong culture of security and continuous improvement.
Responsibilities
- Own and shape the organisation’s Cyber Security policy framework, defining the standards and guidance that underpin how security is implemented across the enterprise.
- Champion secure-by-design principles, ensuring security is embedded into technology platforms, digital products, cloud services and transformation programmes from the outset.
- Ensure alignment with leading industry frameworks and regulation such as ISO 27001, NIST and NIS, strengthening the organisation’s overall security posture and compliance maturity.
- Partner with senior stakeholders across Technology, Cyber and the wider business to translate security requirements into practical, scalable policies.
- Influence and embed a strong security culture, helping teams understand, adopt and apply cyber security policies in their day-to-day work.
- Drive continuous improvement of the cyber security policy landscape, evolving standards and guidance in response to emerging threats, new technologies and changing regulatory expectations.
Qualifications
- Strong understanding of Cyber Security principles, controls and governance frameworks.
- Demonstrated ability to develop clear, concise and well-structured policy and standards documentation.
- Ability to translate complex technical and security concepts into accessible, business-friendly language.
- Strong stakeholder engagement and relationship-building skills.
- Excellent written communication, attention to detail and organisational skills.
- Ability to balance regulatory requirements with practical, risk-based outcomes.
- Experience aligning policies to recognised standards and frameworks (e.g., ISO 27001, NIST CSF, CIS Controls).
- Relevant professional certifications or training (e.g., ISO 27001 Foundation/Implementer, CISMP, CISSP, CISM) are advantageous
hackajob is partnering with Heathrow to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
