
Cyber Policy, Risk and Governance Manager

Genesis10
United States, Pennsylvania, Pittsburgh
Apr 14, 2026
Genesis10 is seeking a Cyber Policy, Risk, and Governance Manager for a direct-hire opportunity with our client in Pittsburgh. This role offers a hybrid work schedule, with the flexibility to work remotely up to two days per week. Our client is recognized as a top employer, earning accolades on prestigious "Best Places to Work" lists, including Glassdoor Top 100 and Fortune 100 Best Companies.

Compensation: $110,000 - $130,000 per year, W2.

Job Description:

Our client is seeking a strategic leader to drive the development, implementation, and oversight of their Cyber Policy, Risk, and Governance program. This role will play a critical part in ensuring alignment with evolving global cybersecurity regulations while enabling scalable, business-friendly solutions.

This position requires a balance of deep technical expertise, strong leadership, and the ability to translate complex regulatory requirements into practical, enterprise-wide frameworks.

Relocation: Our client offers a relocation package.

Key Responsibilities
  • Lead the development and execution of the organization's cybersecurity governance, risk, and compliance (GRC) strategy
  • Align cybersecurity governance with enterprise priorities, business strategies, and standardized processes
  • Partner with Global Information Services (GIS) teams and cross-functional groups (HR, Legal, Privacy, Trade Compliance, EHS, etc.) to strengthen and standardize cybersecurity posture
  • Collaborate with Business Unit and Functional leaders to assess risk and governance needs, delivering programs in policy development, training, and risk management
  • Oversee global governance and risk management processes to enhance cybersecurity maturity and performance
  • Build, lead, and mentor a high-performing cyber governance and risk team, fostering a culture of accountability and innovation
  • Design and deliver training, communications, and tools to support cybersecurity initiatives across the organization
  • Develop and implement change management strategies to drive the adoption of cybersecurity policies and practices
  • Conduct maturity assessments and recommend targeted improvements to strengthen cybersecurity capabilities
  • Monitor industry trends, perform benchmarking, and recommend forward-looking solutions aligned with organizational strategy
  • Collaborate with cybersecurity and IT teams to align business processes and technology platforms
  • Support the CISO in strategic planning, regulatory interpretation, and compliance initiatives (e.g., CMMC, ISO 27001, NIST 800-171, NIS2, UK Cyber Essentials)
  • Develop and maintain cybersecurity policies, procedures, and standards
  • Establish and track key performance metrics to support data-driven decision-making and continuous improvement
  • Manage internal teams and external vendors to deliver governance and risk objectives on time and within budget
  • Represent cybersecurity in cross-functional initiatives, audits, customer engagements, and leadership forums
  • Serve as a delegate for the CISO, as needed
Qualifications & Requirements
  • Demonstrated expertise in designing and implementing cybersecurity governance and GRC frameworks
  • Strong knowledge of global cybersecurity standards and regulations (e.g., NIST CSF/RMF, ISO 27001, TISAX, AirCyber)
  • Proven ability to interpret regulatory requirements and translate them into actionable policies and risk mitigation strategies
  • Experience managing risk registers and performing risk analysis
  • Strong analytical, problem-solving, and decision-making skills
  • Experience with incident response governance and issue resolution
  • Excellent communication and presentation skills, with the ability to engage both technical and non-technical audiences
  • Proven ability to influence stakeholders across all organizational levels without direct authority
  • Experience presenting to executive leadership and boards
  • Deep understanding of IT systems, infrastructure, and cybersecurity technologies
  • Demonstrated leadership and change management experience in a global, decentralized organization
Education & Experience
  • Bachelor's degree in Business Administration, Cybersecurity, MIS, or a related field
  • Minimum of 5 years of experience leading cybersecurity programs
  • At least 2 years of experience in cybersecurity governance and risk management within a global organization
  • Relevant industry certification required (e.g., ISO 27001, CMMC)
About Genesis10
Ranked a Top Staffing Firm in the U.S. by Staffing Industry Analysts for six consecutive years, Genesis10 puts thousands of consultants and employees to work across the United States every year in contract, contract-for-hire, and permanent placement roles. With more than 300 active clients, Genesis10 provides access to many of the Fortune 100 firms and a variety of mid-market organizations across the full spectrum of industry verticals.

If this is a perm-placement opportunity, our recruiter can talk you through the unique benefits offered for that particular client.

For multiple years running, Genesis10 has been recognized as a Top Staffing Firm in the U.S., as a Best Company for Work-Life Balance, as a Best Company for Career Growth, for Diversity, and for Leadership, amongst others. To learn more and to view all our available career opportunities, please visit us at www.genesis10.com

Genesis10 is an Equal Opportunity Employer. Candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
