Log In
Sign Up
The IT Policy and Procedure Lead is responsible for overseeing the creation, management, and enforcement of IT policies, standards, and procedures that support the organization’s strategic, regulatory, and operational objectives. This role plays a critical function in ensuring that IT operations are compliant, secure, consistent, and aligned with industry best practices and internal governance frameworks.
Key Responsibilities:
Policy Development & Governance
Develop, document, and maintain IT policies, standards, guidelines, and procedures.
Establish a policy framework that ensures all documents are consistent, easy to understand, and aligned with legal and regulatory requirements.
Collaborate with IT, legal, compliance, audit, and business units to identify policy needs and ensure broad alignment and understanding.
Manage policy lifecycle including creation, review, approval, distribution, training, and periodic audits.
Regulatory & Standards Compliance
Ensure IT policies comply with relevant laws, standards, and regulations (e.g., GDPR, ISO 20001, ITIL, COBIT2019, HIPAA, ISO 27001, NIST, PCI-DSS).
Conduct gap analyses and coordinate updates to policies in response to new or updated regulations.
Support internal and external audits by providing policy documentation and evidence of compliance.
Risk Management & Control Assurance
Collaborate with IT Risk Management teams to integrate risk assessment outcomes into the policy framework.
Help ensure technical and organizational controls are well-documented, implemented, and communicated across teams.
Assist with the development and implementation of control measures to address non-compliance or policy deviations.
Communication, Training & Awareness
Lead communication and education campaigns around IT policies and compliance expectations.
Develop and deliver training sessions, workshops, and awareness materials for technical and non-technical audiences.
Act as the primary point of contact for policy inquiries, exceptions, and clarifications.
Continuous Improvement
Monitor technology trends and regulatory changes to proactively recommend policy updates.
Regularly evaluate the effectiveness of policies and procedures and identify areas for improvement.
Implement metrics and reporting to track policy compliance and awareness across the organization.
Required Qualifications:
Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Business Administration, or a related field.
Minimum 2-3 years of experience in IT governance, risk, compliance, or policy management.
Demonstrated experience in writing and managing technical documentation and regulatory compliance artifacts.
