Cyber Policy Lead
External
Fca · Edinburgh, UKPrepare for this interview
EliteAI-generated questions, company research, and talking points tailored to this role
Responsibilities
- Maintain and refresh the cyber policy framework by managing policy and standards updates in line with agreed review/refresh cycles and making out-of-cycle updates where material changes are required
- Modernise and simplify the policy & standards suite, exploring improved formats (e.g., "standards on a page") to increase usability and adoption across the organisation
- Serve as the FCA-wide point of contact for policy requirements, handling BAU and project-related queries and providing clear, consistent interpretations of published requirements
- Manage and track policy non-compliance and exceptions, including owning and modernising the Policy Waiver process and ensuring issues are surfaced and understood by relevant stakeholders
- Conduct policy gap analysis and horizon scanning, identifying emerging risks, regulatory/industry changes and required updates to keep the framework current and effective
- Support articulation of the organisation's Cyber Risk Appetite through the policy framework, ensuring requirements align to risk tolerance and are understood across the business
- Enable a new self-service policy model for low-risk projects, helping define requirements and controls that balance agility with the FCA's risk appetite
- Skills required
- Minimum:
- Experience in designing, drafting and maintaining policies, standards and procedures across their full lifecycle.
- Framework knowledge: Solid working knowledge of industry standards such as ISO 27001, NIST Cybersecurity Framework (CIS), CIS Controls
- Essential:
- Security Domain Knowledge: Understanding of technical security controls, including network security, cloud security, identity and access management and vulnerability management.
- Working knowledge of Information Management practices and Data Privacy legislation
- Stakeholder management: proven record in dealing with stakeholders at all levels (including Director level)
- Experience in delivering organisational change
- Risk identification, articulation and management
Benefits
Additional Information
Cyber Policy Lead Division: Operations Department: Cyber and Information Resilience Salary: National (Edinburgh and Leeds) ranging from £53,800 to £65,000 and London from £59,200 to £70,000 (salary offered will be based on skills and experience) This role is graded as: Senior Associate, Regulatory Your external recruitment contact is Raimonda via Raimonda.Stankute@fca.org.uk Your internal recruitment contact is Fizah via FizahFarouk.Ibrahim@fca.org.uk . Applications must be submitted through our online portal. Applications sent via social media or email will not be accepted. About the FCA and team We regulate financial services firms in the UK, to keep financial markets fair, thriving and effective. By joining us, you'll play a key part in protecting consumers, driving economic growth and shaping the future of UK finance services. The Cyber and Operational Resilience directorate enables secure and resilient regulation across the FCA and PSR, supporting the protection of UK consumers and financial markets. This Senior Associate sits within the Policy & Risk team, part of the wider Governance and Human Risk function. The role focuses on the management and maintenance of the Cyber & Information Resilience Policy Framework, including associated standards, procedures and guidance.
Your Match
How well this role fits your profile.
Company Intel
What employees say
Worked at fca? Share your experience