Cyber Security Policy & Standards Manager at Unilever
PSC4, United Kingdom
Full Time


Start Date

Immediate

Expiry Date

16 Oct, 25

Salary

0.0

Posted On

17 Jul, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Accountability, Documentation, Collaborative Environment, Creativity, ISO, Communication Skills, Cyber Security, Stakeholder Management, Interpersonal Skills, IT, Information Security Standards

Industry

Information Technology/IT

Description

Job Title: Cyber Security Policy & Standards Manager
Business Function: Cyber Security
Location: Flexible (India & UK)
Reports to: Senior Cyber Security Policy & Standards Manager
Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Marmite, and Lynx. That’s why our purpose as Unilever is ‘to brighten everyday life for all’.
Unilever’s Cyber Security organisation is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organisation runs a 24x7 Security Operations Centre, oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and risk advisory to our business, and assesses the security posture of our vast technology estate, including factories and Research & Development.

ACCOUNTABILITIES:

  • The GRAC Standards and Governance Team is accountable for Cyber Security Policy, Standards and Guidance. This role is accountable for the implementation, activation and maintenance of fit-for-purpose Cyber Standards and Guidance.
  • The role will elevate and influence enterprise cyber security risk mitigation across Unilever.
  • Responsible for supporting the implementation and facilitation of effective Cyber Security Governance processes.
  • Responsible for effectiveness of cyber standards and guidance and driving continuous improvement.
  • Responsible for collaborating across stakeholder groups (Cyber Security, Privacy, Physical Security, Legal, Finance, Product Teams etc.) to deliver reporting and incorporating feedback on cyber standards and guidance.

KEY SKILLS AND RELEVANT EXPERIENCE

Skills:

  • Technically adept; can write and communicate clearly.
  • Can operate in a liaison role with Product teams to support development and documentation of blueprints and standards.
  • Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel.
  • Good understanding of cyber security frameworks (e.g., NIST CSF).
  • Proven ability to work in a collaborative environment with international team members.
  • Ability to lead through accountability with delegated responsibilities and to manage conflicting priorities and multiple tasks.
  • Ability to hold others to account and to deliver through others.
  • Stakeholder management, influencing abilities and interpersonal skills at both a technical and non-technical level.
  • Outstanding critical reasoning and problem-solving skills – sticking to the problem until it is resolved. Analytical mindset with a passion for problem-solving and learning new technologies.
  • Adaptability and willingness to embrace change in a dynamic work environment.
  • Creativity and innovation in finding solutions to documentation challenges.
  • Commitment to maintaining high standards of quality and accuracy in documentation deliverables.

EXPERIENCE:

  • The role holder will have an excellent working knowledge of a global operational organisation, ideally having previously held a role in Cyber Security.
  • Practitioner of global best practice cyber security standards (e.g., NIST, CIS, or ISO), demonstrable expertise across Information Security standards and controls, and the three lines of defence model for appropriate segregation of duties and risk transparency.
  • Proven track record in risk management and governance.
  • Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues, and constraints of digital businesses.
  • Experience within a customer-focused environment. International experience with the likes of Fortune Global 500 companies or similar preferred, but not required.
  • Knowledge of the applications or the technical landscape within the domain and experience of delivering fit-for-purpose outcomes.

RECRUITMENT FRAUD

Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs. These types of attacks are becoming more common as more people are looking for employment in the economic climate.

Responsibilities

JOB PURPOSE

A vacancy exists for a Cyber Security Policy and Standards Manager, within Unilever’s Cyber Security function. The successful candidate will drive the maintenance of our internal cyber security framework of standards and supporting guidance for the whole of Unilever’s global organisation.

Key areas under this role delivered as part of the Cyber Security Policy and Standards team include:

  • The creation, maintenance and continuous improvement of our global cyber security standards, and associated guidance covering the Unilever ecosystem (including IT, OT and IoT).
  • Ensuring the accepted control framework is implementable in our environment and maintained in GRC tooling.
  • Ensuring the control framework is aligned with our risk assessment and assurance processes.
  • Processing proposed changes to standards and guidance to ensure they are collated, reviewed, accepted, signed off and communicated.
  • Monitoring NIST CSF and other industry frameworks for updates and conducting gap analysis.
  • Maintaining awareness and visibility of relevant regulatory compliance requirements, including triggering changes to standards where required.
  • Working with education, awareness, and engagement teams to ensure the organisation understands our cyber policy and standards, why they are important and how to get help in implementing them.
  • Partnering with other functions (e.g. Finance, Privacy) to ensure alignment with other control frameworks.

As a Cyber Security Policy and Standards Manager, you will be responsible for the end-to-end build process, enabling the creation of comprehensive and detailed guidance that outlines how cyber security controls can be implemented in different environments to ensure compliance. Documents may be “Technical Blueprints”, aimed at technology delivery areas, through to “How to Guides”, aimed at non-technical business areas. Documents need to be concise, and in a language conducive to the audience.
Your primary responsibility will be to work with the Governance, Policy & Standards team to identify requirements and then work with Product Management and Subject Matter Experts (SMEs) to develop accurate and clear content. SMEs may be from the Cyber Security team, or may be internal or third-party developers, engineers, technical architects or system integrators.
You will be responsible for the lifecycle management of documents in the standards and guidance framework, which will require you to work with cyber security and non-cyber security stakeholders to update and adapt the contents to ensure they are up to date, accurate, tailored to specific environments and optimised.
The position will work with the wider Governance, Risk, Assurance, and Compliance team as well as our Business Information Security Officer teams globally to facilitate the effective translation and implementation of cyber controls as a key business enabler for cyber security.

KEY RESPONSIBILITIES:

  • Content Creation: Work with key Product SMEs to develop high-quality technical documentation, including user Implementation Blueprints, How To’s and processes.
  • Collaboration: Collaborate with cross-functional teams, including developers, product managers, quality assurance engineers, and customer support representatives, to gather information and validate documentation content.
  • Content Review and Editing: Review submitted documentation for accuracy, clarity, and consistency. Edit and update content as needed to ensure it meets the needs of the target audience.
  • Documentation Standards: Adhere to documentation standards, style guides, and best practices to ensure consistency and quality across all documentation deliverables.
  • User Experience: Advocate for the end user by ensuring that documentation is easy to understand, accessible and aligns with user needs and expectations.
  • Version Control: Manage version control of documentation using appropriate tools and systems, ensuring that all updates and revisions are properly tracked and documented.
  • Continuous Improvement: Continuously evaluate and improve documentation processes, tools, and templates to enhance efficiency and effectiveness.
  • Training and Support: Provide training and support to internal teams on how to interpret cyber controls and technical documentation effectively.