IT Standards & Control Framework Analyst

About the role 

The IT Standards & Control Framework Development Analyst supports the development, maintenance, and continuous improvement of Haleon’s Digital & Technology Written Standards and the Technology Control Framework. Working under the direction of the Standards & Control Framework Development Lead, the Analyst performs detailed analysis, 

content drafting, control mapping, document lifecycle management, and cross-functional coordination to ensure standards and controls are accurate, current, risk-based, and aligned with regulatory and audit expectations. 

The role helps translate regulatory obligations (SOx, ITGC, GxP, GDPR, cybersecurity regulations) into well-structured, clear, and adoptable standards and control requirements. It supports master control creation and maintenance in the enterprise GRC platform and ensures consistent alignment across requirements, Written Standards, and control design elements. The Analyst assists in simplifying documentation, rationalising duplicative requirements, and ensuring standards remain relevant, accessible, and operationally practical across engineering, security, operations, and risk teams. 

Role Responsibilities 

• Foundational understanding of IT risk management, internal controls, and compliance frameworks (SOx, ISO27001, NIST, GxP). 

• Working knowledge of IT processes, IT general controls (ITGCs), cybersecurity principles, and digital product /engineering operating models. 

• Ability to interpret regulatory and compliance requirements and support conversion into clear standards and control definitions. 

• Familiarity with GRC platforms, metadata structures, and master control frameworks.  

• Understanding of documentation standards, version control, and lifecycle management for policy and standard governance.  

• Capability to analyse complex requirements and distil them into structured, concise, and consistent standard content 

• Contributes to enterprise-wide governance by improving the quality and consistency of D&T Written Standards and the Control Framework. 

• Impacts how compliance, cybersecurity, risk management, engineering, and operational teams adopt and implement standards. 

• Supports Haleon’s ability to maintain regulatory adherence, meet audit expectations, and operate a clear and coherent control environment. 

• Improves internal efficiency through better documentation quality, simpler controls, and structured lifecycle processes 

• Works closely with the Standards & Control Framework Development Lead for direction, prioritisation, and quality review. 

• Collaborates with engineering teams, security, privacy, risk & compliance, internal audit, quality, and GRC tooling teams to gather inputs and ensure documentation accuracy. 

• Communicates clearly and professionally to support understanding and adoption of standards across diverse technical and non‑technical audiences. 

• Requires strong analytical writing skills and the ability to simplify complex regulatory content into structured, readable standards. 

• Must coordinate across multiple teams to ensure standards and controls remain aligned and consistently applied. 

Why you? 

Basic Qualifications: 

• Bachelor’s degree in Information Systems, Technology, Cybersecurity, Risk Management, or related discipline.  

• Experience in IT governance, IT controls, or standards / policy development.  

• Understanding of regulatory or compliance frameworks (SOx, privacy, cybersecurity) 

• Experience supporting document lifecycle management or operating within structured governance frameworks.  

• Experience working with GRC platforms or control framework 

Preferred Qualifications: 

• 5–7 years in IT risk, technology governance, compliance, or cybersecurity functions. 

• Experience in large, global or regulated environments (healthcare, consumer health, pharmaceuticals). 

• Exposure to control rationalisation, simplification, or standards harmonisation efforts. 

• Certifications from top accredited risk management bodies (ISACA, IRM, GARP, PMI).