Policy Lead

Full-Time | 60000 - 80000 £ / year (est.) | No working from home possible
Employer: Gsk

At a Glance

  • Tasks: Lead the development and improvement of Haleon’s Information Security Policies & Standards.
  • Company: Join Haleon, a purpose-driven consumer health company with a trusted portfolio of brands.
  • Benefits: Enjoy competitive salary, inclusive culture, and opportunities for professional growth.
  • Other info: Collaborative culture focused on continuous improvement and diverse perspectives.
  • Why this job: Make a real impact on global health by shaping security policies in a dynamic environment.
  • Qualifications: 7-12 years in Cyber Security or related fields; strong policy authoring skills required.

The predicted salary is between 60000 and 80000 £ per year.

Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity. Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.

Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

About the Role

The Cyber Security Policy Lead is responsible for authoring, assuring, and continuously improving Haleon’s Information Security Policies & Standards. This role ensures that policy requirements are clear, actionable, and aligned with Haleon’s regulatory, statutory, contractual, and industry best practice obligations. The Policy Lead partners closely with Cyber Advisory, GRC, Security Architecture, and Technical Domain teams to maintain a robust, traceable taxonomy that enables consistent measurement of secure and compliant outcomes across Haleon’s global technology environment.

Key Responsibilities

Policy Development & Lifecycle Management

  • Author, update, and maintain Haleon’s Information Security Policies & Standards.
  • Lead structured governance cycles, including annual reviews, stakeholder consultations, and approval processes.
  • Ensure policy, standard, control, and procedure documentation meets Haleon’s standards for clarity, accuracy, technical relevance, and usability.
  • Participate in policy exception processes, ensuring risk-based evaluation and traceability.

Control Framework Integration & Taxonomy Management

  • Develop and maintain a policy-to-standards-to-controls taxonomy that supports measurable compliance and risk reporting.
  • Ensure alignment to recognized frameworks (NIST, CIS, ISO 27001) and harmonize external requirements into Haleon’s control library.
  • Partner with GRC teams to ensure policy requirements align with Haleon’s risk management systems and control sets.
  • Support development of testable control statements and evidence requirements.

Cross-Functional Collaboration & Advisory

  • Work closely with Cyber Advisory to ensure policies support secure-by-design architecture and effective risk identification.
  • Partner with Domain Architects and SMEs across IAM, Cloud, Data, Infrastructure, OT, and Application Security to validate technical accuracy.
  • Serve as a policy authority during solution assessments, onboarding activities, and governance forums.
  • Support stakeholder education and communication to ensure policy understanding across Haleon.

Continuous Compliance & Automation Support

  • Define policy and standard requirements that can be automated within solution delivery pipelines and operational platforms.
  • Collaborate with engineering and platform teams to embed policy-aligned controls into DevSecOps.
  • Contribute to Haleon’s continuous compliance strategy by ensuring traceable, measurable, and enforceable policy requirements.

Governance, Assurance & Documentation Quality

  • Provide expert guidance for audits, assurance reviews, and regulatory assessments.
  • Maintain high-quality documentation and ensure all policy materials reflect Haleon’s governance model.
  • Identify opportunities to streamline and modernize Haleon’s policy framework and governance processes.

Deliverables

  • Updated and approved Information Security Policies & Standards aligned with Haleon’s risk posture.
  • A unified, traceable policy taxonomy linking requirements to controls and assurance measures.
  • Clear and testable standard requirements enabling continuous compliance and automation.
  • Policy exception assessments and governance documentation.
  • High-quality communication materials for policy rollouts, stakeholder briefings, and awareness campaigns.

Experience & Qualifications

  • 7–12 years’ experience in Cyber Security, Information Security Governance, GRC, or related roles.
  • Demonstrated experience authoring and governing security policies, standards, or enterprise control frameworks.
  • Strong understanding of key technical domains, including: IAM, Cloud, Data Protection, Infrastructure, Application Security, and OT.
  • Experience collaborating with architecture, engineering, and risk functions in a global enterprise.
  • Exceptional written communication and documentation skills.

Preferred

  • Certifications: CISSP, CISM, ISO 27001 Lead Implementer/Auditor.
  • Experience working in regulated or high-governance environments.
  • Familiarity with GRC platforms (ServiceNow GRC, Archer, etc.).
  • Experience with cloud governance and automated security controls.

Core Competencies

  • Deep knowledge of security controls and governance principles.
  • Policy authoring, compliance analysis, and control mapping.
  • Analytical thinking and ability to simplify complex technical concepts.
  • Strong communication and collaboration skills.
  • Ability to influence decision-making across technical and business teams.
  • High standard of documentation quality and technical accuracy.
  • Strategic thinking with a continuous improvement mindset.

What Success Looks Like

Haleon has a modern, cohesive, and measurable Information Security Policy framework. Policies and standards clearly guide secure design decisions and support enterprise risk reduction. Business and technical teams understand their obligations and feel supported by actionable guidance. Policy requirements seamlessly integrate with Haleon’s risk management, continuous compliance, and automation initiatives. Governance processes are efficient, transparent, and trusted. Haleon’s security posture is strengthened through clear, consistent, and traceable security expectations.

Equal Opportunities

Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.

During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees. The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.

Adjustment or Accommodations Request

If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.

Note to candidates

The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.

Policy Lead employer: Gsk

Haleon is an exceptional employer that prioritises everyday health and fosters a culture of collaboration and innovation. With a commitment to employee growth, we offer robust development opportunities and a supportive environment where diverse perspectives are valued. Our agile, performance-focused culture empowers employees to contribute meaningfully to our mission while enjoying the benefits of working with a trusted portfolio of leading health brands.

Contact Details:

Gsk Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Policy Lead

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Gsk, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Gsk

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Gsk. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Policy Lead

  • Policy Development
  • Information Security Governance
  • GRC (Governance, Risk Management, and Compliance)
  • Cyber Security
  • Control Framework Integration
  • Taxonomy Management
  • Technical Domain Knowledge (IAM, Cloud, Data Protection, Infrastructure, Application Security, OT)

Some tips for your application 🫡

Show off your technical skills: In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role: Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples: When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Gsk insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity: Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Gsk that you’re committed to staying ahead in the game.

How to prepare for a job interview at Gsk

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set you apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Gsk to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Gsk.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.