For setting the Java security policy settings for Java applications running in a TXSeries region, user needs to set those in java.policy file located at /usr/lpp/cics/_jvm/lib/security/java.policy file. As this change is at _jvm level, all the process using the java inside /usr/lpp/cics/_jvm will impact this setting.
If user intend to restrict the scope of security policy setting to applications running inside a specific region, user can set CICS_JAVA_OPTIONS environment variable in region environment file. (/var/cics_regions/<REGION_NAME>/environment).
For setting the following security policy, add the following line in /var/cics_regions/<REGION_NAME>/java.policy
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"
For more information on CICS_JAVA_OPTIONS settings, refer