Cybersecurity Policy Writer & Governance Lead

About The Position

Requirements

• Bachelor’s or Graduate degree in Computer Science, Information Technology, Cybersecurity, or related discipline (or equivalent experience).
• 7–10 years of progressive experience in cybersecurity governance, policy development, risk management, or compliance.
• Demonstrated experience drafting enterprise-level cybersecurity policies and standards.
• Strong knowledge of global regulatory and cybersecurity control frameworks.
• Exceptional written and verbal communication skills, with the ability to translate technical requirements into business-focused guidance.
• Experience with policy lifecycle management tools or governance platforms preferred.
• Professional certifications such as CISSP, CISM, CRISC, or ISO 27001/NIST-related certifications are highly desirable.
• Working understanding of Artificial Intelligence is a plus.

Nice To Haves

• Cybersecurity Governance & Operating Models
• Policy & Standards Development
• Regulatory Compliance & Audit Readiness
• Security Controls & Control Mapping
• Automation & Governance Tooling
• Executive Communication
• Cross-Functional Influence
• Results Orientation
• Learning Agility
• Customer-Centric Mindset

Responsibilities

• Lead the development, review, and lifecycle management of cybersecurity policies, standards, and specifications.
• Establish and mature governance frameworks aligned with industry-best practices and regulatory expectations.
• Ensure policies evolve in response to emerging threats, business changes, and regulatory updates.
• Maintain strong knowledge of regulatory and industry frameworks such as NIST Cybersecurity Framework, ISO/IEC 27001, CIS V8.1, General Data Protection Regulation, and PCI DSS.
• Ensure alignment between cybersecurity controls, enterprise risk management practices, and compliance obligations.
• Provide authoritative guidance on policy interpretation, control implementation, and exception management.
• Partner with IT, Legal, Compliance, Risk, Audit, and business units to ensure policies are practical, enforceable, and business-aligned.
• Influence senior leadership through reporting on governance metrics, compliance posture, and risk exposure.
• Support the development and delivery of cybersecurity awareness and policy training programs.
• Promote a culture of security accountability and governance maturity across the organization.
• Define and track governance KPIs and KRIs.
• Monitor policy adherence and control effectiveness.
• Provide executive-level reporting on compliance trends, risk insights, and remediation progress.

Benefits

• Health insurance
• Dental insurance
• Vision insurance
• Long term/short term disability insurance
• Employee assistance program
• Flexible spending account
• Life insurance
• Generous time off policies, including; 4-12 weeks fully paid parental leave based on tenure
• 11 paid holidays
• Additional flexible paid vacation and sick leave