Cyber Assurance Manager

Role Overview Using a risk-led and threat-informed approach, this role will drive periodic assurance activities in support of the Global Risk & Compliance (GRC) team, aligned with Unilever’s risk appetite. The objective is to enable informed decision-making and foster secure behaviour across the global business. The Cyber Assurance Manager will be responsible for assuring compliance with Cyber Security policies, standards, and international regulations, while collating and reporting risks and metrics derived from these assurance activities. This position oversees periodic assurance across all areas of the business globally, ensuring resilience and compliance in a rapidly evolving threat landscape. The role functions within a matrix structure, reporting to the Cyber Resilience Assurance Lead Manager while supporting the Cyber Production Assurance Lead Manager on project deliverables. It is responsible for maintaining strong governance and ensuring consistent execution across key assurance activities. • Work with Cyber Resilience Assurance and Cyber Production Assurance Lead Managers to deliver a comprehensive suite of assurance activities including: o Cyber crisis response readiness/effectiveness, cyber resilience in Business Continuity Planning (BCP), IT/cloud resilience and data recovery assurance, continuous controls monitoring and reporting, Operational Technology (OT), Internet of Things (IoT) assurance, and AI assurance— all focused on strengthening resilience and ensuring compliance. • Responsible for ensuring the assessment and effective reporting of Unilever’s compliance against Unilever’s standards and relevant global cyber regulations and best practices, enabling wider Risk and Compliance based insights. • Develop, maintain, and manage assurance documentation, reports, and audit evidence to support compliance objectives. • Conduct and support risk assessments, control validations, and compliance checks across cyber assurance initiatives. • Design, track, and maintain key cyber assurance metrics for both Cyber Resilience and Production Assurance workstreams. • Prepare and deliver executive-level reports summarizing the organization’s overall cyber assurance posture. • Drive continuous improvement of assurance processes, frameworks, and methodologies to enhance resilience and compliance. Required Experience & Expertise • Significant experience in ITES industry, including experience in a senior Cyber Security or Information Security role. • Strong experience in managing operational risks and controls, including end-to-end risk identification, assessment, and mitigation. • Strong knowledge of enterprise cloud environments, with some hands-on experience using leading platforms such as Azure, GCP, AWS etc • Proven track record in Cyber Security, including cyber risk management and governance. • Experience in IT & Cyber Automation, enabling real-time telemetry ingestion and correlation using APIs, data pipelines, or event hubs. • Excellent strategic and operational business awareness, with deep understanding of digital business drivers and constraints. • Strong communication skills and experience presenting to senior leaders. • Knowledge of technical landscapes and experience delivering Cyber Security projects. • Cybersecurity and resilience certifications such as Security+, CISA, CISM, CISSP (or equivalent), ISO22301, CBCP etc. Additional Skills & Competencies • Cyber automation and data analysis/visualization expertise. • Strong knowledge of common vulnerabilities and exploitation techniques. • Understanding of industry-standard AI governance and risk frameworks; familiarity with Azure AI services and security architecture. • Ability to manage conflicting priorities and work collaboratively with globally distributed teams. • Deep knowledge of IT Disaster Recovery programs, Business Continuity Planning, and resilience frameworks, with subject matter expertise in BCM, Crisis Management, Resilience, Risk, and Compliance domains. • A strong grasp of enterprise security technologies is essential, including GRC platforms (such as ServiceNow, MetricStream, SureCloud), SOC solutions (SIEM and SOAR), endpoint detection and response (EDR), vulnerability management tools, identity security solutions, network and web security technologies, and cloud security platforms such as CSPM and CNAPP. • Strong presentation skills and ability to work with vague requirements to build prototypes and iterate solutions.