Cyber Security Policy Analyst

My client is currently reviewing all of its Cyber Security policies and is looking for an experienced policy analyst to review enhance and re write their current security policies .

Duties and Responsibilities

• Create new, and update existing operational security policies, standards, process, and procedures to meet operational security needs and in line with superior internal and external frameworks and standards.
• Be the first point of contact for security for the organisation’s different stake holders.
• Engage early with the business to understand the business demand pipeline for security support and input.
• Proactively build and maintain security engagement between operational security and business for projects and programmes to ensure security policies, standards, procedures, and processes etc, are adhered to.
• Ensure all projects programmes and business initiatives have security input.
• Carry out assessment against business and security requirements to prioritise business demand.
• Create security requirements for projects and programmes.
• Engage with stakeholders and technical teams to ensure security requirements are captured, translated, and embedded as security by design and meet security policies and standards etc.
• Identifying and flagging risks and issues early.
• Improve security compliance process and communicate these to the stakeholders.
• Work actively to reduce risks and impact of risks to the organisation.
• Ensure risks are identified, assessed managed and reported in a timely manner.
• Proactively identify gaps and make improvements.
• Produce quality reports on security risks, progressions, and non-noncompliance with policies.
• Engage and build relationships with internal and external stakeholders.

Essential experience

• CISSP,CISM or CRISC qualified
• 5 + years of working in security in large Global , diverse, and complex organisation as security support role, supporting business, projects and programmes capturing business and security requirements.
• Public sector experience essential
• Experience of writing quality and actionable security policies, standards, and procedures, communicating and establishing them across a very diverse organisation.
• Sound knowledge of project management methodologies and security integration
• Working closely with technical teams, business forums, projects, and security integration
• Ability to communicate technical security risks and requirements to different, technical, and non-technical audience.
• Have a technical IT and Security background with recent Governance, Risk and Compliance experience.
• Experience of working with ISO27001, NCSC’s Could Principles, Cloud Assurance Framework, NIST and other NCSC and HMG standards and guidance, adapting them into organisational policies and procedures etc.
• IT and networking knowledge, especially, Microsoft products, including Azure security and security tools.
• Working knowledge of threat and vulnerability, attack types and response.
• Ability to prioritise, work under pressure and manage demands and workload autonomously and with other technical and non-technical teams.
• Experience producing high quality documentation, policies, process, and reporting and communicating them to different stakeholders.
• Ability to work collaboratively in a large and diverse organisation across the globe.
• A good command of written and verbal communication skills is required for this role to be able to engage with diverse and global organisation.