Job Description
As part of the Enterprise Technology Services (ETS) Governance & Control organization, the objective of the Policies & Standards Associate is to develop, support, and enhance Technology (IT) and Information & Cyber Security (IS) policies and standards.
This Role Enables
- Consistent, high-quality documentation of technology policies, standards, and procedures
- Improved traceability between policy requirements, controls, and risk frameworks
- Stronger alignment between policy intent, operational procedures, and compliance requirements
Responsibilities
As Policies & Standards Sr Associate
- Contribute to a collaborative team environment focused on policy governance and operational excellence.
- Support senior team members and leadership in executing program priorities.
- Demonstrate a continuous improvement mindset and proactively identify opportunities to enhance processes and governing documents
Policy & Standards Lifecycle Governance: Manage and support the end-to-end lifecycle of technology and information security policies (drafting through retirement), ensuring documentation quality, governance compliance, inventory maintenance, and stakeholder coordination for timely updates and attestations.
Program Execution & Documentation Management: Drive standardization and digitization of policy documentation using templates and metadata, enforce version control and audit readiness, align content with risk/control frameworks, and support reporting on lifecycle status and compliance metrics.
Policy Consolidation & Rationalization: Identify and address overlaps, gaps, and redundancies across policies and procedures, supporting consolidation efforts to streamline frameworks and ensure alignment between policy intent and operational execution.
Stakeholder Engagement & Collaboration: Collaborate with cross-functional teams and SMEs to gather inputs, validate content, facilitate workshops, and guide stakeholders on policy governance, structure, and documentation standards.
Qualifications
Mandatory
- Bachelor's degree is required
- 3-5+ years of experience in technology risk management, audit, or consulting
- Excellent project management skills, experience supporting documentation of policies, standards, and/or procedures in a regulated environment
- Familiarity with policy lifecycle processes and governance frameworks
- Outstanding written and verbal communication skills with excellent attention to detail. Advanced proficiency with Word, Excel, PowerPoint, and AI tools
- Ability to manage multiple priorities and meet deadlines in a fast-paced environment
Preferred Qualifications
- Advanced degrees (e.g., MBA, MSc) or certifications are advantageous
- Previous technology/cyber risk experience and/or experience in financial services, banking, or other highly regulated industries
- Experience in Policy Management, Risk & Control, Information Security Governance, Compliance, or related fields
- Experience with Information Security policy and program drafting, writing, and editing
- Exposure to regulatory and industry frameworks (e.g., GLBA, NYDFS, FFIEC, NIST, CRI Profile, ISO, PCI DSS)
- Experience with policy management or governance tools/workflows
- Experience with composing, reporting, and presenting information security / technology risk materials to varied audiences, including executive audiences
- Understanding of risk and control frameworks (e.g., RCSA, control libraries)
- Experience supporting audits or regulatory reviews
- Relevant certifications (e.g., CISA, CRISC, or similar) are a plus