Policy Specialist

Within HPE, our Operations, Legal and Admin teams work across the business, providing visible accountability and measurable outcomes. With a variety of roles and responsibilities these teams really connect the dots, giving us the essential insights, support and capability to accelerate our transformation to be the world’s edge to cloud company. Join us redefine what’s next for you.

What you'll do:

About You

You will have expertise in policy creation and lifecycle management, and familiarity with the interdependencies between policy, compliance, and risk management. Your knowledge of various common compliance frameworks used globally will enhance your work. You will work independently and on high-impact projects in fast-paced environments, with advanced expertise across cyber and IT security.

Your experience with GRC tools will be critical. Strong communication skills are essential, enabling you to explain complex technical issues to non-technical audiences.

You will be responsible for

• Support the Cybersecurity Policy Refresh Program by helping rewrite and modernize existing policies, standards, and procedures to align with the organization’s chosen control framework.

• Understand and articulate the relationship between policies and controls — ensuring policy content accurately reflects control intent and operational feasibility.

• Collaborate with subject matter experts (SMEs) across Cybersecurity, IT, and Product teams to gather input for policy updates, lifecycle management, and alignment with control assessments.

• Support specification audits by reviewing and analyzing technical documentation, verifying policy-to-specification consistency, and tracking updates through their lifecycle.

• Manage and respond to policy-related inquiries from across the organization — including ambiguous or “oddball” questions — by providing clear, accurate, and well-reasoned guidance.

• Assist with audit and assessment activities, including gathering policy evidence, mapping controls, and preparing documentation for internal and external audits.

• Help maintain the policy inventory, versioning, and review cadence, ensuring policies remain current and traceable to applicable frameworks and standards.

Education & Experience Requirements

Required:

• Bachelor’s degree in Cybersecurity, Information Systems, Public Policy, or a related field.

• 7+ years of experience in cybersecurity governance, compliance, or policy functions.

• Ability to translate technical concepts and control requirements into concise and understandable policy language.

• Familiarity with frameworks such as NIST CSF, ISO 27001, Secure Controls Framework (SCF), and SOC 2.

• Strong analytical, research, and writing skills.

Preferred:

• Experience supporting policy lifecycle management, control assessments, or audit readiness activities.

• Exposure to technical security domains, such as identity and access management, vulnerability management, or cloud security.

• Certifications such as Security+, ISO 27001 Lead Implementer, GRC Professional, or equivalent.