About the Role
The Cyber Security Policy Lead is responsible for authoring, assuring, and continuously improving Haleon's Information Security Policies & Standards. This role ensures that policy requirements are clear, actionable, and aligned with Haleon's regulatory, statutory, contractual, and industry best-practice obligations. The Policy Lead partners closely with Cyber Advisory, GRC, Security Architecture, and Technical Domain teams to maintain a robust, traceable taxonomy that enables consistent measurement of secure and compliant outcomes across Haleon's global technology environment.
Key Responsibilities
Policy Development & Lifecycle Management
- Author, update, and maintain Haleon's Information Security Policies & Standards.
- Lead structured governance cycles, including annual reviews, stakeholder consultations, and approval processes.
- Ensure policy, standard, control, and procedure documentation meets Haleon's standards for clarity, accuracy, technical relevance, and usability.
- Participate in policy exception processes, ensuring risk-based evaluation and traceability.
Control Framework Integration & Taxonomy Management
- Develop and maintain a policy-to-standards-to-controls taxonomy that supports measurable compliance and risk reporting.
- Ensure alignment to recognized frameworks (NIST, CIS, ISO 27001) and harmonize external requirements into Haleon's control library.
- Partner with GRC teams to ensure policy requirements align with Haleon's risk management systems and control sets.
- Support development of testable control statements and evidence requirements.
Cross-Functional Collaboration & Advisory
- Work closely with Cyber Advisory to ensure policies support secure-by-design architecture and effective risk identification.
- Partner with Domain Architects and SMEs across IAM, Cloud, Data, Infrastructure, OT, and Application Security to validate technical accuracy.
- Serve as a policy authority during solution assessments, onboarding activities, and governance forums.
- Support stakeholder education and communication to ensure policy understanding across Haleon.
Continuous Compliance & Automation Support
- Define policy and standard requirements that can be automated within solution delivery pipelines and operational platforms.
- Collaborate with engineering and platform teams to embed policy-aligned controls into DevSecOps.
- Contribute to Haleon's continuous compliance strategy by ensuring traceable, measurable, and enforceable policy requirements.
Governance, Assurance & Documentation Quality
- Provide expert guidance for audits, assurance reviews, and regulatory assessments.
- Maintain high quality documentation and ensure all policy materials reflect Haleon's governance model.
- Identify opportunities to streamline and modernize Haleon's policy framework and governance processes.
Deliverables
- Updated and approved Information Security Policies & Standards aligned with Haleon's risk posture.
- A unified, traceable policy taxonomy linking requirements to controls and assurance measures.
- Clear and testable standard requirements enabling continuous compliance and automation.
- Policy exception assessments and governance documentation.
- High quality communication materials for policy rollouts, stakeholder briefings, and awareness campaigns.
Experience & Qualifications
- 7-12 years' experience in Cyber Security, Information Security Governance, GRC, or related roles.
- Demonstrated experience authoring and governing security policies, standards, or enterprise control frameworks.
- Strong understanding of key technical domains, including IAM, Cloud, Data Protection, Infrastructure, Application Security, and OT.
- Experience collaborating with architecture, engineering, and risk functions in a global enterprise.
- Exceptional written communication and documentation skills.
Preferred Certifications
- CISSP
- CISM
- ISO 27001 Lead Implementer/Auditor
- Experience working in regulated or high governance environments.
- Familiarity with GRC platforms (ServiceNow GRC, Archer, etc.).
- Experience with cloud governance and automated security controls.
Core Competencies
- Deep knowledge of security controls and governance principles.
- Policy authoring, compliance analysis, and control mapping.
- Analytical thinking and ability to simplify complex technical concepts.
- Strong communication and collaboration skills.
- Ability to influence decision making across technical and business teams.
- High standard of documentation quality and technical accuracy.
- Strategic thinking with a continuous improvement mindset.
What Success Looks Like
Haleon has a modern, cohesive, and measurable Information Security Policy framework. Policies and standards clearly guide secure design decisions and support enterprise risk reduction. Business and technical teams understand their obligations and feel supported by actionable guidance. Policy requirements seamlessly integrate with Haleon's risk management, continuous compliance, and automation initiatives. Governance processes are efficient, transparent, and trusted. Haleon's security posture is strengthened through clear, consistent, and traceable security expectations.
Job Posting End Date: 2026-06-26
Equal Opportunities
Haleon is committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected - all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It's important to us that Haleon is a place where all our employees feel they truly belong.