Information & Cyber Security Policy Manager
The Cyber Security Policy Manager is responsible for developing, maintaining, and continuously improving the organisation's information security policy framework. This role ensures that policies are aligned with UK government guidance, legislative requirements, and industry best practice.
The programme operates at pace, balancing ongoing delivery and support of the current Service with a complex dual‑run migration. This includes supplier integration, technical architecture, cyber security assurance, and engagement with senior stakeholders.
Responsibilities
Introduce and maintain the organisation’s information security policy framework, ensuring continuous improvement and alignment with UK government guidance, legislation, and best practices.
Qualifications
- Demonstrable experience in developing, reviewing, and maintaining information or cyber security policies within a UK-based organisation.
- Strong working knowledge of the NCSC Cyber Assessment Framework (CAF) and the ability to map policies to CAF objectives and indicators of good practice.
- Experience of working within the UK Government Security Policy Framework and the Government Security Standard (GSS/GS 007).
- Knowledge of UK data protection legislation, including the Data Protection Act 2018 and UK GDPR, and their implications for information security policy.
- Experience conducting policy gap analyses and producing written reports and recommendations for senior audiences.
- Excellent written communication skills with the ability to produce clear, structured, and accessible policy documentation.
- Strong stakeholder engagement and facilitation skills, with the ability to influence at all levels.
- Professional qualification in information security or a related discipline (e.g., CISSP, CISM, CRISC, or equivalent).
- Familiarity with the Government Security Classifications (GSC) policy and its operational implications.