
Cybersecurity Policy Writer & Governance Lead

HP
9 days ago
Full-time
On-site
Houston, Texas, United States
$105,050 - $161,800 USD yearly
Media & Communications

Description -

Job Summary

We are seeking a strategic and detail-driven Cybersecurity Policy Writer & Governance Lead to design, implement, and continuously enhance cybersecurity policies and governance frameworks. This role is critical in strengthening HP’s security posture, ensuring regulatory compliance, and embedding risk-aware practices across the company.

The ideal candidate combines deep expertise in cybersecurity standards and regulatory requirements with the ability to translate complex technical concepts into clear, actionable, business-aligned policies. This role requires strong cross-functional collaboration, executive communication skills, and a proactive approach to risk management.

Key Responsibilities

Policy Development & Governance

  • Lead the development, review, and lifecycle management of cybersecurity policies, standards, and specifications.
  • Establish and mature governance frameworks aligned with industry best practices and regulatory expectations.
  • Ensure policies evolve in response to emerging threats, business changes, and regulatory updates.

Regulatory Compliance & Risk Alignment

  • Maintain strong knowledge of regulatory and industry frameworks such as NIST Cybersecurity Framework, ISO/IEC 27001, CIS V8.1, General Data Protection Regulation, and PCI DSS.
  • Ensure alignment between cybersecurity controls, enterprise risk management practices, and compliance obligations.
  • Provide authoritative guidance on policy interpretation, control implementation, and exception management.

Stakeholder Engagement

  • Partner with IT, Legal, Compliance, Risk, Audit, and business units to ensure policies are practical, enforceable, and business-aligned.
  • Influence senior leadership through reporting on governance metrics, compliance posture, and risk exposure.

Training & Awareness

  • Support the development and delivery of cybersecurity awareness and policy training programs.
  • Promote a culture of security accountability and governance maturity across the organization.

Monitoring & Reporting

  • Define and track governance KPIs and KRIs.
  • Monitor policy adherence and control effectiveness.
  • Provide executive-level reporting on compliance trends, risk insights, and remediation progress.

Qualifications

  • Bachelor’s or Graduate degree in Computer Science, Information Technology, Cybersecurity, or related discipline (or equivalent experience).
  • 7–10 years of progressive experience in cybersecurity governance, policy development, risk management, or compliance.
  • Demonstrated experience drafting enterprise-level cybersecurity policies and standards.
  • Strong knowledge of global regulatory and cybersecurity control frameworks.
  • Exceptional written and verbal communication skills, with the ability to translate technical requirements into business-focused guidance.
  • Experience with policy lifecycle management tools or governance platforms preferred.
  • Professional certifications such as CISSP, CISM, CRISC, or ISO 27001/NIST-related certifications are highly desirable.
  • Working understanding of Artificial Intelligence is a plus.

Technical & Governance Expertise

  • Cybersecurity Governance & Operating Models
  • Policy & Standards Development
  • Regulatory Compliance & Audit Readiness
  • Security Controls & Control Mapping
  • Automation & Governance Tooling

Leadership & Enterprise Skills

  • Executive Communication
  • Cross-Functional Influence
  • Results Orientation
  • Learning Agility
  • Customer-Centric Mindset

Impact & Scope

  • Influences cybersecurity governance strategies across multiple teams and business units.
  • May lead projects or initiatives related to governance transformation and compliance readiness.
  • Drives enterprise-wide consistency in policy adoption and control maturity.

Complexity

  • Operates within established frameworks while addressing complex regulatory and cybersecurity challenges.
  • Exercises independent judgment in interpreting standards and resolving governance issues.
  • Balances risk, compliance, and operational practicality in decision-making.


The pay range for this role is $105,050 to $161,800 USD annually with additional opportunities for pay in the form of bonus and/or equity (applies to United States of America candidates only). Pay varies by work location, job-related knowledge, skills, and experience.

Benefits:

HP offers a comprehensive benefits package for this position, including:

  • Health insurance
  • Dental insurance
  • Vision insurance
  • Long term/short term disability insurance
  • Employee assistance program
  • Flexible spending account
  • Life insurance
  • Generous time off policies, including:
      • 4-12 weeks fully paid parental leave based on tenure
      • 11 paid holidays
      • Additional flexible paid vacation and sick leave (US benefits overview)


The compensation and benefits information is accurate as of the date of this posting. The Company reserves the right to modify this information at any time, with or without notice, subject to applicable law.


Disclaimer
• This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.

Job -

Data & Information Technology

Schedule -

Full time

Shift -

No shift premium (United States of America)

Travel -

No

Relocation -

No

Equal Opportunity Employer (EEO)

HP, Inc. provides equal employment opportunity to all employees and prospective employees, without regard to race, color, religion, sex, national origin, ancestry, citizenship, sexual orientation, age, disability, or status as a protected veteran, marital status, familial status, physical or mental disability, medical condition, pregnancy, genetic predisposition or carrier status, uniformed service status, political affiliation or any other characteristic protected by applicable national, federal, state, and local law(s).

Please be assured that you will not be subject to any adverse treatment if you choose to disclose the information requested. This information is provided voluntarily. The information obtained will be kept in strict confidence.

For more information, review HP’s EEO Policy or read about your rights as an applicant under the law here: “Know Your Rights: Workplace Discrimination is Illegal”