Cyber Security Governance, Policy and Standards Analyst

Job Title: Cyber Security Governance, Policy and Standards Analyst

Business Function: Cyber Security

Location: UK or India

JOB PURPOSE

A vacancy exists for a Cyber Security Governance, Policy and Standards Analyst, within Unilever’s Cyber Security function. The successful candidate will primarily support the operation of our cyber security governance processes. In addition, this role will also ensure alignment with the Cyber Security Standards Framework and supporting guidance, that apply to the whole of Unilever’s global organisation.

Key areas under this role delivered as part of the Cyber Security Governance, Policy and Standards team include:

• Supporting the operation of our internal and external cyber governance activities – including facilitating the timely delivery of effective cyber governance reports (across multiple stakeholder groups).

• Partnering with other functions (e.g. Legal, Privacy) to ensure alignment with other governance activities.

• Maintaining awareness and visibility of relevant regulatory compliance requirements, including triggering changes to standards where required.

• Support reporting activities to ensure Unilever stay compliant with cyber legislation, e.g. NIS2.

• Support the Governance Manager to monitor NIST and other industry standard best practices and conducting gap analysis against our own governance and standards.

• Continuous improvement of Standards & Governance reporting including format and content.

• Automate and standardise reporting and analysis, using the GRC tooling, to drive accuracy and consistency.

• Ensuring the governance framework is aligned with our risk management and assurance processes.

• Working with education, awareness, and engagement teams to ensure the organisation understands our cyber governance, policy and standards, why they are important and how to get help in implementing them.

The position will work with the wider Governance, Risk, Assurance, and Compliance team as well as the Security Engagement teams globally to facilitate effective cyber governance controls for our organisation and position cyber as a key business enabler.

RESPONSIBILITIES

·Responsible for supporting the implementation and facilitation of effective Cyber Security Governance processes.

·Responsible for the operation of Cyber Governance bodies/groups and timely delivery of effective security governance reports, metrics, dashboards.

·Responsible for managing and tracking corporate audit actions for cyber security to ensure their timely closure with the right control measures.

·Responsible for collating responses to cyber security assessment requirements from customers and external organisations.

·Responsible for monitoring NIST and other industry standard best practices to conduct gap analysis against our current governance and drive continuous improvement.

·Responsible for collaborating across stakeholder groups (Security Engagement, Privacy, Physical Security, Legal, Finance, etc.) to deliver reporting and incorporating feedback on cyber governance.

ALL ABOUT YOU

Skills:

• Excellent written and verbal communication skills and able to be understood by both technical and non-technical personnel.

• In-depth understanding of cyber security reporting frameworks (e.g., NIST) complemented by skills in Programme / Project Management.

• Proven ability to work in a collaborative environment with international team members.

• Ability to lead through accountability with delegated responsibilities and to manage conflicting priorities and multiple tasks.

• Stakeholder management, influencing abilities and interpersonal skills at both a technical and non-technical level.

• Outstanding critical reasoning and problem-solving skills – sticking to the problem until it is resolved.

Experience:

• The role holder will have good working knowledge of a global operational organisation, ideally having previously held a role in Cyber Security.

• Practitioner of global best practice cyber security standards (e.g., NIST, CIS, or ISO), demonstrable expertise across Information Security standards and controls, and the three lines of defence model for appropriate segregation of duties and risk transparency.

• Proven track record in risk management and governance.

• Good strategic and operational business awareness, with an understanding of the key drivers, levers, issues, and constraints of digital businesses.

• Knowledge of the applications or the technical landscape within the domain and experience of delivering fit for purpose outcomes.

What We Offer

Not only do we offer a competitive salary and pension scheme, we also offer an annual bonus, free gym, a discounted staff shop and shares. You’ll have the opportunity to work directly with our renowned and exciting brands in a flexible and hybrid working environment.

Whilst the role is advertised on a full-time basis, we would be happy to discuss possible flexible working options and what this may look like for you. We are a key advocate of wellbeing and offer a variety of support for our people including hubs, programmes and development opportunities. We strive to achieve a family-friendly and inclusive workplace and to, above all, create possibilities for all.

Diversity at Unilever is about inclusion, embracing differences, creating possibilities and growing together for better business performance. We embrace diversity in our workforce. This means giving full and fair consideration to all applicants and continuing development of all employees regardless of age, disability, gender reassignment, race, religion or belief, sex, sexual orientation, marriage and civil partnership, and pregnancy and maternity. We are also more than happy to provide reasonable adjustments during our application and interview process to enable you to be present your best self. To find out more, click here: Equity, Diversity & Inclusion.

Recruitment Fraud

Cyber criminals advertise fake job adverts with prestigious employers as a way of stealing information or even defrauding individuals out of money. In the most sophisticated cases, they will set up fake websites, which have a similar address to companies like Unilever. They even conduct fake telephone interviews and then offer candidates a role with the proviso they pay a fee for background checks or to cover work visa costs. These types of attacks are becoming more common as more people are looking for employment in the economic climate.

How is Unilever tackling this?

Many of Unilever’s recruitment sites publish a warning to candidates about recruitment fraud. The Cyber Security team also proactively scan for signs of people setting up fake Unilever sites and act to close them down.

What can I do?

If you become aware of potential recruitment fraud, spot fake Unilever recruitment adverts or fake LinkedIn profiles, report them via Una Live Chat.

Unilever does not accept responsibility or liability for any candidates who are financially impacted by recruitment fraud. Your vigilance is key!