Policy Support Lead

The Policy Support Analyst will be responsible for developing, implementing, and maintaining security policies, standards, and procedures to protect our information assets. This role requires a good understanding of security frameworks and regulatory requirements, as well as experience in Information Security.

The role is based in Reading and reports directly to the Head of Governance, Risk and Compliance. It demands independent work, fulfillment in a fast‑paced environment, and accountability for programme needs.

• Develop and maintain comprehensive security policies, standards and procedures across the organisation.
• Align all standards with applicable regulatory requirements and frameworks (e.g., ISO 27001, GDPR, NIS‑R).
• Review and update standards regularly in response to emerging threats and regulatory changes.

• Oversee the exception management framework, including reporting, approvals and reviews prior to expiry.
• Monitor compliance with security policies and standards across digital and business teams.
• Act as the primary point of contact for internal and external audits related to security standards.

• Coordinate the annual standards review cycle, ensuring timely updates and stakeholder engagement.
• Support the publication and socialisation of new or revised standards to ensure organisation‑wide awareness.
• Collaborate with cross‑functional teams to embed security best practices into digital processes.

• Build and maintain relationships with key stakeholders, including the CISO, CIO, architecture teams, programme delivery and business owners.
• Provide clear, engaging, and relevant communication and training around security standards.
• Deliver security messaging both in person and virtually, ensuring consistency and clarity.

• Track policy effectiveness and recommend enhancements to improve standard adoption and compliance.
• Stay informed of the latest security regulations, technologies and industry best practices to ensure standards remain current and effective.

Base location – Hybrid – Clearwater Court, Reading.
Working pattern – 36 hours Monday to Friday.

• Experience in information security or a related governance role.
• Experience applying security frameworks and regulatory requirements (CIS, GDPR, NIS‑R).
• Experience collaborating across multiple business areas and functional teams.
• Proven ability to work independently, with strong stakeholder management capabilities.

• Strong written and verbal communication skills with the ability to deliver complex messages clearly.
• Skilled in exception management, reporting and compliance monitoring.

• Experience maintaining security standards and exception frameworks.
• Exposure to information risk management processes and controls.

• Relevant certifications such as CISSP, CISM or CISA.

• Strong relationship building and collaboration skills.
• Excellent organisational and time management skills.
• Ability to influence stakeholders and drive compliance in a matrixed environment.

• Competitive salary up to £60,000 per annum, depending on experience.
• Annual leave – 26 days holiday per year, increasing to 30 with length of service (plus bank holidays).
• Performance‑related pay plan linked to company and individual targets.
• Generous pension scheme through AON.
• Access to health, wellbeing and financial benefits (annual health MOTs, physiotherapy, counselling, Cycle‑to‑Work, vouchers, life assurance).

Find out more about our benefits and perks.

We’re the UK’s largest water and wastewater company, serving over 16 million customers. We focus on building a better future for all – people, communities and the planet – and need passionate, skilled individuals to help us achieve that vision.

Thames Water is a highly rewarding and diverse place to work. Every day you can make a difference, enjoy flexible working arrangements, and benefit from excellent benefits.

We’re committed to being a great, diverse and inclusive workplace. We welcome all applicants and offer support throughout the recruitment process. If you need adjustments, let us know and we will accommodate you.

Real purpose, real support, real opportunities – join the Thames Water family. Learn more.

We will close the advert earlier than the advertised date due to high volume of applications. Apply soon to avoid disappointment.