Job Description
The Role
We are transforming our Information Security program from a compliance-based checklist to a dynamic, risk-based operation. We are looking for a Senior Policy Administrator to lead the modernization of our governance framework.This is not a clerical role. You will not just be formatting Word documents. You will be a strategic partner to our Security Architecture and Engineering teams, translating complex technical controls (Cloud Security, Identity, Zero Trust) into clear, enforceable standards. You will serve as the bridge between "What the Framework says" (NIST/TPN) and "What the Architecture does."Key Responsibilities1. Governance Framework Architecture
Required Experience:
You will be the "Legislator" of our security state. Instead of chasing signatures, you will be defining the rules of the road for a global creative organization. If you are tired of "paper compliance" and want to build a governance framework that actually improves security posture, this is the role for you.
We are transforming our Information Security program from a compliance-based checklist to a dynamic, risk-based operation. We are looking for a Senior Policy Administrator to lead the modernization of our governance framework.This is not a clerical role. You will not just be formatting Word documents. You will be a strategic partner to our Security Architecture and Engineering teams, translating complex technical controls (Cloud Security, Identity, Zero Trust) into clear, enforceable standards. You will serve as the bridge between "What the Framework says" (NIST/TPN) and "What the Architecture does."Key Responsibilities1. Governance Framework Architecture
- Build the Engine: Design and maintain the comprehensive hierarchy of Information Security documents (Policy oStandard oProcedure o Guideline). Ensure the framework is scalable, searchable, and mapped to the NIST CSF 2.0 and ISO 27001 controls.
- Lifecycle Management: Move beyond "annual reviews." Implement a continuous review cycle triggered by architectural changes or emerging threats, ensuring our standards never drift from reality.
- Technical Translation: Work side-by-side with Principal Security Architects to extract technical specifications (e.g., encryption algorithms, IAM protocols, cloud hardening baselines) and codify them into formal Security Standards.
- Reality Checks: Challenge the status quo. If a proposed policy cannot be technically enforced by the Architecture team, you are responsible for flagging the gap and negotiating a realistic control or a formal risk exception.
- Baseline Management: Assist Engineering in defining and documenting "Golden Image" and secure configuration baselines (CIS Benchmarks) that underpin the broader policy statements.
- Platform Architect: Serve as the primary architect for our LogicGate Risk Cloud Policy Module. You will design the metadata schema, automated workflows, and approval routing logic.
- Automated Assurance: Configure the tool to link Policies directly to Risks and Controls. When a Standard is updated, the tool should automatically flag related Risks for re-evaluation.
- TPN "Gold Shield": Ensure all policies meet the strict physical and digital security requirements of the Trusted Partner Network (TPN). You will be the authority on whether a policy change jeopardizes our "Gold Shield" status.
- Audit Defense: Maintain a "state of readiness" where policies are tagged with evidence requirements, allowing for rapid export during client or regulatory audits.
Required Experience:
- Experience: 5-8+ years in Information Security, GRC, or Technical Writing in a highly regulated technical environment.
- Frameworks: Expert-level knowledge of NIST CSF 2.0, ISO 27001, and NIST 800-53. Familiarity with TPN (MPA) or SOC 2 is highly preferred.
- Technical Fluency: You do not need to be a coder, but you must understand core security concepts (e.g., SAML Container Security, Network Segmentation) well enough to debate standards with Engineers.
- LogicGate / GRC Tools: Proven experience configuring and managing enterprise GRC platforms (LogicGate, ServiceNow, Archer, OneTrust).
- Strategic Autonomy: Ability to manage the entire document lifecycle without micromanagement. You can sit in an Architecture Review Board meeting and identify policy impacts in real-time.
- Communication: Exceptional written communication skills with the ability to strip away "legalese" and write policies that developers can actually read and follow.
- Certifications: CISA, CRISC, CISM, or CISSP.
- Experience in the Video Game, Media, or Software Development industries.
You will be the "Legislator" of our security state. Instead of chasing signatures, you will be defining the rules of the road for a global creative organization. If you are tired of "paper compliance" and want to build a governance framework that actually improves security posture, this is the role for you.
About Peregrine