×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

Policy Lead

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Haleon
Full Time position
Listed on 2026-06-14
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 60000 - 80000 GBP Yearly GBP 60000.00 80000.00 YEAR
Job Description & How to Apply Below
Location: Greater London

About the Role

The Cyber Security Policy Lead is responsible for authoring, assuring, and continuously improving Haleon’s Information Security Policies & Standards. This role ensures that policy requirements are clear, actionable, and aligned with Haleon’s regulatory, statutory, contractual, industry best practice obligations. The Policy Lead partners closely with Cyber Advisory, GRC, Security Architecture, and Technical Domain teams to maintain a robust, traceable taxonomy that enables consistent measurement of secure and compliant outcomes across Haleon’s global technology environment.

Key Responsibilities
  • Policy Development & Lifecycle Management
    • Author, update, and maintain Haleon’s Information Security Policies & Standards.
    • Lead structured governance cycles, including annual reviews, stakeholder consultations, and approval processes.
    • Ensure policy, standard, control, and procedure documentation meets Haleon’s standards for clarity, accuracy, technical relevance, and usability.
    • Participate in policy exception processes, ensuring risk‑based evaluation and traceability.
  • Control Framework Integration & Taxonomy Management
    • Develop and maintain a policy‑to‑standards‑to‑controls taxonomy that supports measurable compliance and risk reporting.
    • Ensure alignment to recognized frameworks (NIST, CIS, ISO 27001) and harmonize external requirements into Haleon’s control library.
    • Partner with GRC teams to ensure policy requirements align with Haleon’s risk management systems and control sets.
    • Support development of testable control statements and evidence requirements.
  • Cross‑Functional Collaboration & Advisory
    • Work closely with Cyber Advisory to ensure policies support secure‑by‑design architecture and effective risk identification.
    • Partner with Domain Architects and SMEs across IAM, Cloud, Data, Infrastructure, OT, and Application Security to validate technical accuracy.
    • Serve as a policy authority during solution assessments, onboarding activities, and governance forums.
    • Support stakeholder education and communication to ensure policy understanding across Haleon.
  • Continuous Compliance & Automation Support
    • Define policy and standard requirements that can be automated within solution delivery pipelines and operational platforms.
    • Collaborate with engineering and platform teams to embed policy‑aligned controls into Dev Sec Ops .
    • Contribute to Haleon’s continuous compliance strategy by ensuring traceable, measurable, and enforceable policy requirements.
  • Governance, Assurance & Documentation Quality
    • Provide expert guidance for audits, assurance reviews, and regulatory assessments.
    • Maintain high‑quality documentation and ensure all policy materials reflect Haleon’s governance model.
    • Identify opportunities to streamline and modernize Haleon’s policy framework and governance processes.
Deliverables
  • Updated and approved Information Security Policies & Standards aligned with Haleon’s risk posture.
  • A unified, traceable policy taxonomy linking requirements to controls and assurance measures.
  • Clear and testable standard requirements enabling continuous compliance and automation.
  • Policy exception assessments and governance documentation.
  • High‑quality communication materials for policy rollouts, stakeholder briefings, and awareness campaigns.
Experience & Qualifications
  • 7–12 years experience in Cyber Security, Information Security Governance, GRC, or related roles.
  • Demonstrated experience authoring and governing security policies, standards, or enterprise control frameworks.
  • Strong understanding of key technical domains, including IAM, Cloud, Data Protection, Infrastructure, Application Security, and OT.
  • Experience collaborating with architecture, engineering, and risk functions in a global enterprise.
  • Exceptional written communication and documentation skills.
Preferred Certifications
  • CISSP
  • CISM
  • ISO 27001 Lead Implementer/Auditor
  • Experience working in regulated or high‑governance environments.
  • Familiarity with GRC platforms (Service Now GRC, Archer, etc).
  • Experience with cloud governance and automated security controls.
Core Competencies
  • Deep knowledge of security controls and governance principles.
  • Policy authoring, compliance analysis, and control…
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search