Cyber Security Policy & Standards Manager

Job Title: Cyber Security Policy & Standards Manager

Business Function:Cyber Security

Location:Flexible (India & UK)

Reports to:Senior Cyber Security Policy & Standards Manager

Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Marmite, and Lynx. That’s why our purpose as Unilever is ‘to brighten everyday life for all’.

Unilever’s Cyber Security organisation is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organisation runs a 24x7 Security Operations Centre, oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and risk advisory to our business, and assesses the security posture of our vast technology estate, including factories and Research & Development.

JOB PURPOSE

A vacancy exists for a Cyber Security Policy and Standards Manager, within Unilever’s Cyber Security function. The successful candidate will drive the maintenance of our internal cyber security framework of standards and supporting guidance for the whole of Unilever’s global organisation.

Key areas under this role delivered as part of the Cyber Security Policy and Standards team include:

• The creation, maintenance and continuous improvement of our global cyber security standards, and associated guidance covering the Unilever ecosystem (including IT, OT and IoT).
• Ensuring the accepted control framework is implementable in our environment and maintained in GRC tooling.
• Ensuring the control framework is aligned with our risk assessment and assurance processes.
• Processing proposed changes to standards and guidance to ensure they are collated, reviewed, accepted, signed off and communicated.
• Monitoring NIST CSF and other industry frameworks for updates and conducting gap analysis.
• Maintaining awareness and visibility of relevant regulatory compliance requirements, including triggering changes to standards where required.
• Working with education, awareness, and engagement teams to ensure the organisation understands our cyber policy and standards, why they are important and how to get help in implementing them.
• Partnering with other functions (e.g. Finance, Privacy) to ensure alignment with other control frameworks.

As a Cyber Security Policy and Standards Manager, you will be responsible for the end-to-end build process, enabling the creation of comprehensive and detailed guidance that outlines how cyber security controls can be implemented in different environments to ensure compliance. Documents may be “Technical Blueprints”, aimed at technology delivery areas, through to “How to Guides”, aimed at non-technical business areas. Documents need to be concise, and in a language conducive to the audience.

Your primary responsibility will be to work with the Governance, Policy & Standards team to identify requirements and then work with Product Management and Subject Matter Experts (SMEs) to develop accurate and clear content. SMEs may be from the Cyber Security team, or may be internal or third-party developers, engineers, technical architects or system integrators.

Unilever is one of the world’s leading suppliers of Food, Home, and Personal Care products with sales in over 190 countries and reaching 3.4 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Persil, Dove, Knorr, Domestos, Hellmann’s, Marmite, and Lynx. That’s why our purpose as Unilever is ‘to brighten everyday life for all’.

Unilever’s Cyber Security organisation is a multi-disciplinary team responsible for protecting the Confidentiality, Integrity and Availability of our Information and Operations. Our Cyber Security organisation runs a 24x7 Security Operations Centre, oversees a robust Security Architecture and associated technology landscape, provides Cyber Security Solution Engineering and risk advisory to our business, and assesses the security posture of our vast technology estate, including factories and Research & Development.

Role Purpose:

A vacancy exists for a Cyber Security Policy and Standards Manager, within Unilever’s Cyber Security function. The successful candidate will drive the maintenance of our internal cyber security framework of standards and supporting guidance for the whole of Unilever’s global organisation.

Key areas under this role delivered as part of the Cyber Security Policy and Standards team include:

• The creation, maintenance and continuous improvement of our global cyber security standards, and associated guidance covering the Unilever ecosystem (including IT, OT and IoT).
• Ensuring the accepted control framework is implementable in our environment and maintained in GRC tooling.
• Ensuring the control framework is aligned with our risk assessment and assurance processes.
• Processing proposed changes to standards and guidance to ensure they are collated, reviewed, accepted, signed off and communicated.
• Monitoring NIST CSF and other industry frameworks for updates and conducting gap analysis.
• Maintaining awareness and visibility of relevant regulatory compliance requirements, including triggering changes to standards where required.
• Working with education, awareness, and engagement teams to ensure the organisation understands our cyber policy and standards, why they are important and how to get help in implementing them.
• Partnering with other functions (e.g. Finance, Privacy) to ensure alignment with other control frameworks.

As a Cyber Security Policy and Standards Manager, you will be responsible for the end-to-end build process, enabling the creation of comprehensive and detailed guidance that outlines how cyber security controls can be implemented in different environments to ensure compliance. Documents may be “Technical Blueprints”, aimed at technology delivery areas, through to “How to Guides”, aimed at non-technical business areas. Documents need to be concise, and in a language conducive to the audience.

Your primary responsibility will be to work with the Governance, Policy & Standards team to identify requirements and then work with Product Management and Subject Matter Experts (SMEs) to develop accurate and clear content. SMEs may be from the Cyber Security team, or may be internal or third-party developers, engineers, technical architects or system integrators.

You will be responsible for the lifecycle management of documents in the standards and guidance framework, which will require you to work with cyber security and non-cyber security stakeholders to update and adapt the contents to ensure it is up-to-date, accurate, tailored to specific environments and is optimised.

The position will work with the wider Governance, Risk, Assurance, and Compliance team as well as our Business Information Security Officer teams globally to facilitate the effective translation and implementation of cyber controls as a key business enabler for cyber security.

Key Responsibilities:

• Content Creation: Work with key Product SMEs to develop high-quality technical documentation, including user Implementation Blueprints, How To’s and processes.

• Collaboration: Collaborate with cross-functional teams, including developers, product managers, quality assurance engineers, and customer support representatives, to gather information and validate documentation content.
• Content Review and Editing: Review submitted documentation for accuracy, clarity, and consistency. Edit and update content as needed to ensure it meets the needs of the target audience.
• Documentation Standards: Adhere to documentation standards, style guides, and best practices to ensure consistency and quality across all documentation deliverables.
• User Experience: Advocate for the end user by ensuring that documentation is easy to understand, accessible and aligns with user needs and expectations.
• Version Control: Manage version control of documentation using appropriate tools and systems, ensuring that all updates and revisions are properly tracked and documented.
• Continuous Improvement: Continuously evaluate and improve documentation processes, tools, and templates to enhance efficiency and effectiveness.
• Training and Support: Provide training and support to internal teams on how to interpret cyber controls and technical documentation effectively.

Main Accountabilities

Accountabilities:

• GRAC Standards and Governance Team are accountable for Cyber Security Policy, Standards and Guidance. This role is accountable for the implementation, activation and maintenance of fit for purpose Cyber Standards and Guidance. 
• The role will elevate and influence enterprise cyber security risk mitigation across Unilever
• Responsible for supporting the implementation and facilitation of effective Cyber Security Governance processes.
• Responsible for effectiveness of cyber standards and guidance and driving continuous improvement.
• Responsible for collaborating across stakeholder groups (Cyber Security, Privacy, Physical Security, Legal, Finance, Product Teams etc.) to deliver reporting and incorporating feedback on cyber standards and guidance.

Key Skills and Relevant Experience

Skills:

• Technically adept can write and communicate clearly.
• Can operate in a liaison role with Product teams to support development and documentation of blueprints, standards.
• Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel.
• Good understanding of cyber security frameworks (e.g., NIST CSF) .
• Proven ability to work in a collaborative environment with international team members
• Ability to lead through accountability with delegated responsibilities and to manage conflicting priorities and multiple tasks.
• Ability to hold others to account and to deliver through others
• Stakeholder management influencing abilities and interpersonal skills at both a technical and non-technical level.
• Outstanding critical reasoning and problem-solving skills – sticking to the problem until it is resolved. Analytical mindset with a passion for problem-solving and learning new technologies.
• Adaptability and willingness to embrace change in a dynamic work environment.
• Creativity and innovation in finding solutions to documentation challenges.
• Commitment to maintaining high standards of quality and accuracy in documentation deliverables.

Experience:

• The role holder will have an excellent working knowledge of a global operational organisation, ideally having previously held a role in Cyber Security.
• Practitioner of global best practice cyber security standards (e.g., NIST, CIS, or ISO), demonstrable expertise across Information Security standards and controls, and the three lines of defence model for appropriate segregation of duties and risk transparency.
• Proven track record in risk management and governance.
• Excellent strategic and operational business awareness, with a deep understanding of the key drivers, levers, issues, and constraints of digital businesses.
• Experience within a customer focused environment. International experience with likes of Fortune Global 500 companies or similar preferred, but not required,
• Knowledge of the applications or the technical landscape within the domain and experience of delivering fit for purpose outcomes.

Behaviours

Candidates would be required to the following behaviours:

• Care Deeply - Cares deeply about how consumers experience our brands, with a focus on performance.   Inspires the energy needed to win, generating intensity and focus to motivate people to deliver quality results at speed.
• Focus on What Counts – Has the ability to ruthlessly prioritise.  Setting clear and stretching goals delivering the maximum performance impact - Flexes leadership style and plans to meet changing situations with urgency
• Stay Three Steps Ahead – Is able to think boldly and creatively to make breakthroughs in performance. Always curious and confident.  Encouraging experimentation and intelligent risk-taking.
• Deliver With Excellence – Is able to deliver everything we do with excellence and pace.
  Taking personal ownership for outcomes and can deliver through others.  Sets high standards for themselves and always brings their best self.

NOTES

About Unilever

Unilever is one of the world’s leading suppliers of Food, Home and Personal Care products with sales in over 190 countries and reaching 2 billion consumers a day. Unilever has more than 400 brands found in homes around the world, including Dove, Tresemme, Lynx, Lifebuoy, Shea Moisture, Persil, Domestos, Ben & Jerry’s, Magnum, Marmite, The Vegetarian Butcher, Graze and Pot Noodle.

Faced with the challenge of climate change and the need for human development, we want to move towards a world where everyone can live well and within the natural limits of the planet. That’s why our purpose is ‘to make sustainable living commonplace’  

What We Offer

Not only do we offer a competitive salary and pension scheme, we also offer an annual bonus, subsidised gym membership, a discounted staff shop and shares. You’ll have the opportunity to work directly with our renowned and exciting brands in a flexible and hybrid working environment.

Whilst the role is advertised on a full-time basis, we would be happy to discuss possible flexible working options and what this may look like for you. We are a key advocate of wellbeing and offer a variety of support for our people including hubs, programmes and development opportunities. We strive to achieve a family-friendly and inclusive workplace and to, above all, create possibilities for all. 

Diversity at Unilever is about inclusion, embracing differences, creating possibilities and growing together for better business performance. We embrace diversity in our workforce. This means giving full and fair consideration to all applicants and continuing development of all employees regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity. We are also more than happy to provide reasonable adjustments during our application and interview process to enable you to be present your best self. To find out more, including about our Employee Resource Groups, please click here Equity, Diversity & Inclusion at Unilever | Unilever.

Recruitment Fraud

Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs.  These types of attacks are becoming more common as more people are looking for employment in the economic climate. 

How is Unilever tackling this?

Many of Unilever’s recruitment sites publish a warning to candidates about recruitment fraud. The Cyber Security team also proactively scan for signs of people setting up fake Unilever sites and act to close them down. 

What can I do?

If you become aware of potential recruitment fraud, spot fake Unilever recruitment adverts or fake LinkedIn profiles, report them via Una Live Chat. 

Unilever does not accept responsibility or liability for any candidates who are financially impacted by recruitment fraud. Your vigilance is key!