La posizione è aperta all'interno del team di Leonardo.Scopra di più sui compiti quotidiani, le responsabilità generali e l'esperienza richiesta per questa opportunità scorrendo subito verso il basso.**Job Description:**Leonardo is an international industrial group and one of the world's leading players in Aerospace, Defense, and Security, specializing in multi-domain technological capabilities in the fields of Helicopters, Aircraft, Aerostructures, Electronics, Cyber Security, and Space.With over 60,000 employees worldwide, the company has a strong industrial presence in Italy, the United Kingdom, Poland, and the United States, and operates in 150 countries, including through subsidiaries, joint ventures, and investments.A key player in major global strategic programs, it is a technological and industrial partner for governments, defense administrations, institutions, and businesses.**GCAP Program**Leonardo is one of the strategic industrial partners in the GCAP (Global Combat Air Program), alongside the UK's BAE Systems and Japan's Mitsubishi Heavy Industries, aimed at developing and delivering a next-generation air system, defined as a "system of systems." Used for multi-domain defense operations, the system will feature a "core platform" connected to other peripheral systems, or "adjuncts," both manned and unmanned.This program, one of the most challenging and visionary for the aerospace and defense industry, will drive the technological revolution that will define the sector for the next fifty years.It is a challenge aimed at strengthening the technological and industrial sovereignty of the participating countries, as it focuses on identifying and making available enabling technologies that will ensure a generational leap, generating positive returns and economic and social progress for the entire country system, benefiting future generations.Those working on this program will have the opportunity to access a professional growth path in an international and technologically advanced environment.**JOB TITLE:**Within the Joint Venture established for the **GCAP Program, we are looking for a Policy Framework Specialist for the GCAP Headquarters located in Reading (UK).****JOB OBJECTIVE:**The Policy Framework Specialist is responsible for developing, updating, and aligning Edgewing's cybersecurity policy framework with regulatory requirements, industry standards, and best practices.The role ensures that cybersecurity policies, standards, and controls are consistent, uniformly applied, and correctly mapped to external frameworks, fostering effective governance, assurance activities, and continuous improvement of the organization's cybersecurity posture.**RESPONSIBILITIES:**The resource will be part of the Governance function for the JV and will report directly to the Information & Cyber Policy Manager.**TASKS:*** Develop and maintain the organization's cybersecurity policy framework, along with standards and control documentation* Align cybersecurity policies and controls with major external frameworks and standards (e.G., ISO 27001, NIST, CIS)* Manage mappings between cybersecurity policies, regulatory requirements, and control frameworks* Support the cybersecurity policy lifecycle, including review, approval, and version management* Provide specialized advice on policy interpretation and alignment with reference frameworks* Support assurance, audit, and compliance activities through robust and structured framework documentation* Identify any gaps, overlaps, or inconsistencies within the cybersecurity policy framework* Monitor regulatory, legislative, and standards developments impacting cybersecurity* Prepare reports and documents to support governance committees and managerial levels* Collaborate with cybersecurity, risk management, compliance, and technical teams to ensure consistency and uniformity**REQUIREMENTS:****Education:** Degree or equivalent qualification in cybersecurity, information security, risk management, or related disciplines**Technical knowledge and skills:**Relevant professional certifications (or working towards), including:* CISSP, CISM, or CRISC* ISO 27001 Lead Implementer or Lead Auditor* CISA or similar assurance-related certifications**Essential requirements:*** Experience working with cybersecurity frameworks and standards* Solid experience in developing cybersecurity policies, standards, or controls* Ability to interpret regulatory and framework requirements and translate them into practical and applicable controls* Excellent written communication and documentation skills* Strong analytical and organizational skills* Experience supporting cyber assurance, audit, or compliance reviews**Preferential requirements:*** Experience in regulated or particularly complex organizational contexts* Knowledge of data protection, privacy, or information governance frameworks* Familiarity with enterprise risk management and assurance models* Experience managing control libraries or using GRC tools* Understanding of cyber maturity models and benchmarking methodologies* Experience supporting policy harmonization across large organizations**Language skills:**Italian C2English C1**INTRODUCTION****Company Overview**Leonardo is an international industrial group and one of the world's leading players in Aerospace, Defense, and Security, specialized in multi-domain technological capabilities in the fields of Helicopters, Aircraft, Aerostructures, Electronics, Cyber Security, and Space.With over 60,000 employees worldwide, the company has a strong industrial presence in Italy, the United Kingdom, Poland, and the United States, and operates in 150 countries, including through subsidiaries, joint ventures, and investments.A key player in major global strategic programs, Leonardo is a technological and industrial partner for governments, defense administrations, institutions, and businesses.**Introduction to GCAP:**Leonardo is one of the strategic industrial partners in the GCAP (Global Combat Air Program), alongside the UK's BAE Systems and Japan's Mitsubishi Heavy Industries.This program aims to develop and deliver a next-generation air system, defined as a "system of systems." Used for multi-domain defense operations, the system will feature a "core platform" connected to other peripheral systems, or "adjuncts," both manned and unmanned.This program, one of the most ambitious and forward-thinking in the aerospace and defense industries, will drive the technological revolution that will define the sector for the next fifty years.It is a challenge aimed at strengthening the technological and industrial sovereignty of the participating countries, as it focuses on identifying and making available enabling technologies that will ensure a generational leap.These technologies will generate positive returns, contributing to the economic and social progress of the entire nation, benefiting future generations.Those working on this program will have the opportunity to access a career growth path in an internationally competitive and technologically advanced environment.**JOB TITLE:**Within the GCAP Joint Venture Security, we are looking for a Policy Framework Specialist for GCAP HQ in Reading (UK).**JOB PURPOSE:**The Policy Framework Specialist is responsible for developing, maintaining, and aligning Edgewing's cyber security policy framework with regulatory requirements, industry standards, and best practice.The role ensures cyber policies, standards, and controls are coherent, consistently applied, and mapped to external frameworks, enabling effective governance, assurance, and continuous improvement of the organisation's cyber security posture. xdwybme **RESPONSIBILITIES:**The role will be part of the Governance function for the JV and will report directly to the Information & Cyber Policy Manager.**OBJECTIVES:*** Develop and maintain the organisation's cyber security policy framework, standards, and control documentation* Align cyber security policies and controls with external frameworks and standards (e.G.ISO 27001, NIST, CIS)* Maintain mappings between cyber policies, regulatory requirements, and control frameworks* Support cyber policy lifecycle management, including review, approval, and version control* Provide expert guidance on cyber policy interpretation and framework alignment* Support assurance, audit, and compliance activities through robust framework documentation* Identify gaps, overlaps, and inconsistencies within the cyber policy framework* Monitor regulatory, legislative, and standards developments impacting cyber security* Produce reporting and artefacts for governance and senior management forums* Collaborate with cyber security, risk, compliance, and technical teams to ensure consistency**REQUIREMENTS:****Qualification:** Degree or equivalent qualification in cybersecurity, information security, risk management, or a related discipline**Technical Knowledge and skills:**Relevant professional certification (or working towards), such as:* CISSP, CISM, or CRISC* ISO 27001 Lead Implementer or Lead Auditor* CISA or similar assurance-related certifications**Essential requirements:*** Experience working with cyber security frameworks and standards* Strong experience in cyber policy, standards, or control development* Ability to interpret regulatory and framework requirements and translate them into practical controls* Excellent written communication and documentation skills* Strong analytical and organisational skills* Experience supporting cyber assurance, audits, or compliance reviews**Desirable requirements:*** Experience working in regulated or complex organizational environments* Knowledge of data protection, privacy, or information governance frameworks* Familiarity with enterprise risk management and assurance models* Experience maintaining control libraries or GRC tools* Understanding of cyber maturity models and benchmarking* Experience supporting policy harmonisation across large organizations**Language skills:**Italian C2English C1**Seniority:** Expert**Primary Location:** IT- Roma- Via Montello**Contract Type:** Permanent**Hybrid Working:** Hybrid