Director, Cyber Policy Modernization & Controls

Lead the end-to-end execution of the Cyber Policy Modernization project, including policy catalogue refresh, control statement standardization, and alignment with industry best practices and regulatory requirements. Establish and chair the Cybersecurity Policy Steering Committee for governance, oversight, and decision-making throughout the modernization lifecycle. Collaborate with process owners, subject matter experts, and engineering controls teams to identify gaps, baseline existing controls, and implement AI-driven tools for gap analysis and modernization. Oversee the development and mapping of control objectives, control statements, and risk statements to ensure clarity, consistency, and traceability. Drive the integration of continuous control monitoring, metrics, and reporting into the policy lifecycle. Ensure successful transition from project phase to BAU, embedding scalable assurance mechanisms and eliminating redundancies. Own and continuously improve the cyber controls framework, maintaining alignment with evolving regulatory, industry, and threat-driven requirements. Lead the ongoing governance, refresh, and publication of cybersecurity policies, standards, and procedures according to the established schedule. Maintain and enhance the Controls Inventory Master and ensure integration with the Controls Hub and enterprise controls taxonomy. Monitor control effectiveness, drive remediation of control gaps, and optimize resource allocation for operational resilience and cost efficiency. Oversee the implementation of measurable, business-focused metrics and dashboards for real-time risk and control management. Foster a culture of continuous improvement, stakeholder engagement, and cross-functional alignment across engineering, risk, and business units.