Position: Security Policy Analyst

Overview: Our client is seeking an experienced Policy and Compliance Specialist to support its Governance, Risk, and Compliance team. This role focuses on maintaining and enhancing the organisation’s policy framework, ensuring alignment with regulatory standards, and driving improvements in documentation and compliance processes. This position has arisen as part of our client’s strategy to mature its compliance operations and maintain alignment with evolving regulatory standards. The role is pivotal in ensuring that policy documentation is accurate, compliant, and up to date.

Key Responsibilities:

Policy Maintenance & Documentation: Maintain the Information Security Management System (ISMS) documentation required for ISO certification. Ensure policies are up to date and compliant with regulatory standards, including ISO 27001:2022, NIS CAF 3.2, NIST v2.0, and PCI DSS. Review, draft, and update policies and procedures to align with organisational requirements and regulatory controls.

Audit & Compliance: Conduct audits to ensure policies are compliant with relevant standards and identify gaps. Align policy documentation to organisational controls and manage policy exception processes.

Stakeholder Engagement: Work collaboratively with SMEs to address queries, handle pushback, and ensure stakeholder alignment. Facilitate workshops to clarify policy requirements and gather feedback.

Process Improvement: Actively identify opportunities to improve the pace and quality of policy updates. Ensure that all documents are properly formatted and meet quality standards, reducing the need for extensive oversight.

Key Skills and Attributes:

Experience: Proven track record in compliance, governance, or security-related roles. Familiarity with maintaining ISMS documentation for certification.

Technical Knowledge: Strong understanding of security standards and frameworks, including ISO 27001, NIS CAF, NIST, and PCI DSS.

Policy Expertise: Skilled in drafting, reviewing, and improving policies and procedures, with attention to detail and a focus on quality.

Communication Skills: Excellent verbal and written communication, capable of running workshops, addressing queries, and managing challenging stakeholders.

Organisational Skills: Strong time management and ability to follow through on tasks from initiation to completion (starter-finisher).

Problem-Solving: Proactive approach to identifying and resolving gaps in compliance and policy documentation.