The HEINEKEN Company

Cybersecurity Policy Setting - Global Expert

Poland · Full-time · Not Applicable

Digital & Technology Team (D&T) is an integral division of HEINEKEN Global Shared Services Center. We are committed to making Heineken the most connected brewery. That includes digitalizing and integrating our processes, ensuring best-in-class technology, and embedding a data-driven culture. By joining us you will work in one of the most dynamic and innovative teams and have a direct impact on building the future of Heineken!

Would you like to meet the Team, see our office and much more? Visit our website: Heineken (heineken-dt.pl)

At HEINEKEN, Cybersecurity is a business enabler. Within our Cyber Assurance Tribe, we help the organisation manage cyber risk with confidence—by setting clear policies, assessing risk, and embedding security by design across our digital landscape.

We are looking for a Cybersecurity Policy Setting – Global Expert to join our global team responsible for shaping HEINEKEN’s security governance framework, performing business impact and security risk assessments, and supporting risk-informed decision-making across Global Functions and Digital & Technology product teams.

This role is ideal for a cybersecurity professional who enjoys working at the intersection of technology, risk, regulation, and business, and who wants to influence how security is embedded across a global organisation.

Your responsibilities would include:

  • Developing and maintaining HEINEKEN’s Security Policy House, translating regulatory and industry requirements (including NIS2 and DORA) into clear and business-aligned policies
  • Executing and owning Business Impact Assessments (BIA) and Security Risk Assessments across Global Functions, product teams, and critical assets
  • Prioritising and managing the assessment backlog based on risk severity, business priorities, and lifecycle requirements
  • Providing expert security risk advisory to stakeholders, supporting the design and implementation of effective, risk-aligned security controls
  • Identifying emerging threats and vulnerabilities, and recommending improvements to strengthen the organisation’s cyber risk posture
  • Acting as a trusted security advisor to assigned stakeholders, embedding security considerations into solution design and business initiatives
  • Collaborating with cross-functional cyber security teams (e.g. Security by Design, GRC, Compliance) to ensure a consistent and coordinated risk management approach
  • Developing and presenting security risk insights and updates to senior stakeholders and governance forums
  • Driving Agile, Kanban-based ways of working, promoting transparency, continuous improvement, and shared ownership within the team

You are a good candidate if you have:

  • 5+ years of experience in cybersecurity, IT risk management, IT audit, or a similar field
  • Strong understanding of security governance, risk assessment methodologies, and control frameworks
  • Knowledge of industry standards such as ISO 27001, NIST CSF, and IEC 62443
  • Understanding of regulatory frameworks such as NIS2 and DORA, and awareness of their impact on security policy and risk
  • Experience in conducting Business Impact Assessments and Security Risk Assessments in complex environments
  • Ability to translate regulatory and technical requirements into practical, business-friendly policies and recommendations
  • Strong stakeholder management skills, with the ability to communicate complex risk topics clearly to both technical and non-technical audiences
  • Experience presenting risk insights and recommendations to senior stakeholders
  • Strong analytical thinking and structured problem-solving approach
  • Excellent written and verbal English

You are a perfect match if you also have:

  • Professional certifications such as CISSP, CISM, CISA, ISSMP, or similar
  • Experience developing and managing security governance frameworks at scale
  • Experience working in global, cross-functional organisations
  • Familiarity with agile or product-based ways of working, including Kanban
  • Strong reporting and data analysis skills, including experience with tools such as Excel or Power BI
  • A continuous improvement mindset and the ability to proactively identify risk and improvement opportunities

Key Skills: cybersecurity, cyber security, data analysis, embedded, CISSP, Excel, CISA, CISM, NIST
Posted: Jun 17, 2026
Type: Full-time
Level: Not Applicable
Location: Cracow
Industries: Food Beverage Services
Categories: Information Technology
