Senior Policy Administrator

City of London
1 day ago

The Role

We are transforming our Information Security program from a compliance-based checklist to a dynamic, risk-based operation. We are looking for a Senior Policy Administrator to lead the modernization of our governance framework. This is not a clerical role. You will not just be formatting Word documents. You will be a strategic partner to our Security Architecture and Engineering teams, translating complex technical controls (Cloud Security, Identity, Zero Trust) into clear, enforceable standards. You will serve as the bridge between "What the Framework says" (NIST/TPN) and "What the Architecture does."

Key Responsibilities

1. Governance Framework Architecture

Build the Engine: Design and maintain the comprehensive hierarchy of Information Security documents (Policy → Standard → Procedure → Guideline). Ensure the framework is scalable, searchable, and mapped to the NIST CSF 2.0 and ISO 27001 controls.

Lifecycle Management: Move beyond "annual reviews." Implement a continuous review cycle triggered by architectural changes or emerging threats, ensuring our standards never drift from reality.

2. Security Architecture Collaboration (Critical)

Technical Translation: Work side-by-side with Principal Security Architects to extract technical specifications (e.g., encryption algorithms, IAM protocols, cloud hardening baselines) and codify them into formal Security Standards.

Reality Checks: Challenge the status quo. If a proposed policy cannot be technically enforced by the Architecture team, you are responsible for flagging the gap and negotiating a realistic control or a formal risk exception.

Baseline Management: Assist Engineering in defining and documenting "Golden Image" and secure configuration baselines (CIS Benchmarks) that underpin the broader policy statements.

3. LogicGate & Tooling Administration

Platform Architect: Serve as the primary architect for our LogicGate Risk Cloud Policy Module. You will design the metadata schema, automated workflows, and approval routing logic.

Automated Assurance: Configure the tool to link Policies directly to Risks and Controls. When a Standard is updated, the tool should automatically flag related Risks for re-evaluation.

4. Compliance & TPN Alignment

TPN "Gold Shield": Ensure all policies meet the strict physical and digital security requirements of the Trusted Partner Network (TPN). You will be the authority on whether a policy change jeopardizes our "Gold Shield" status.

Audit Defense: Maintain a "state of readiness" where policies are tagged with evidence requirements, allowing for rapid export during client or regulatory audits.

Qualifications

Required Experience:

Experience: 5-8+ years in Information Security, GRC, or Technical Writing in a highly regulated technical environment.

Frameworks: Expert-level knowledge of NIST CSF 2.0, ISO 27001, and NIST 800-53. Familiarity with TPN (MPA) or SOC 2 is highly preferred.

Technical Fluency: You do not need to be a coder, but you must understand core security concepts (e.g., SAML, Container Security, Network Segmentation) well enough to debate standards with Engineers.

Skills & Competencies:

LogicGate / GRC Tools: Proven experience configuring and managing enterprise GRC platforms (LogicGate, ServiceNow, Archer, OneTrust).

Strategic Autonomy: Ability to manage the entire document lifecycle without micromanagement. You can sit in an Architecture Review Board meeting and identify policy impacts in real-time.

Communication: Exceptional written communication skills with the ability to strip away "legalese" and write policies that developers can actually read and follow.

Nice-to-Have:

Certifications: CISA, CRISC, CISM, or CISSP.

Experience in the Video Game, Media, or Software Development industries.

Why This Role?

You will be the "Legislator" of our security state. Instead of chasing signatures, you will be defining the rules of the road for a global creative organization. If you are tired of "paper compliance" and want to build a governance framework that actually improves security posture, this is the role for you.
