Security Governance & Assurance Analyst
An exciting opportunity has opened up for a Security Governance and Assurance Analyst to join the team, initially as a 6-Month Fixed-Term Contract covering maternity leave. Reporting into the Senior Governance & Assurance Manager – UKI, the Security Governance and Assurance Analyst will be responsible for the day to day delivery of the tech workstream for Flutter UKI’s audits and assessments. This may include ISO 27001, Sarbanes-Oxley (SOX), NIST, PCI DSS in addition to other 2nd and 3rd line internal assessments. This position will work with stakeholders to ensure the regulatory demands upon the Tech teams are delivered, working closely with key internal and external stakeholders including auditors to ensure compliance. The Security Governance and Assurance Analyst will independently manage the assessments, working with 2nd and 3rdline teams to ensure requests are sent out in a timely manner, evidence is received and meets the standard required for evidential assurance. They will facilitate conversations between 2nd and 3rd line stakeholders and Flutter UKI Tech teams and oversee the delivery of any remedial action. The role will work closely with the ISMS & Policy Manager on the coordination of Compliance programmes and define and operationalise 1st line security controls and reporting within UKI. In addition, the role will help to drive the creation, review and adoption of InfoSec policies and standards. The role requires a significant level of engagement across the UKI Infosec team and other stakeholders in the division & Group, some of which are in multiple global locations. Therefore, there is an expectation of travel with this role, as required.
- Responsible for day-to-day delivery of some of Flutter UKI's external compliance programmes, which may include ISO 27001, PCI DSS and SOX.
- Responsible for facilitation of some of our other second and third line audits e.g. NIST CSF 2.0, Internal Audit, UKI Risk & Assurance assessments.
- Assisting the ISMS & Policy Manager as required with the ISO 27001 audits and the creation, annual review cycle, withdrawal of policies and standards.
- Understands the UKI Tech & Infosec principles and supports the team in delivering on these.
- Solid understanding of regulatory compliance frameworks such as Sarbanes-Oxley, PCI DSS, ISO27001, NIST CSF 2.0, GDPR (required).
- Experienced in successfully delivering and facilitating multiple projects / pieces of work simultaneously, re-prioritising as appropriate to meet deadlines with a pragmatic approach (required).
- Well versed in risk management and has a sound understanding of how controls are implemented in line with business risk appetite & regulatory need (required).
- Can demonstrate the communication of complex technical matters to both tech/non-tech audiences, both internally and externally (auditors) (required).
- Can easily navigate internal/external audit & compliance engagements, along with supporting controls testing & evidencing requirements (required).
- Ability to identify key issues & can communicate them to stakeholders leveraging colleagues as needed to find solutions (required).
- Understand the people & cultural aspects to information security (required).
- Assertive, results orientated and good attention to detail (required).
Flutter Entertainment is the world leader in online sports betting and iGaming, operating some of the most innovative, diverse and distinctive brands in the sector. The UK & Ireland region of Flutter unites some of the biggest brands in the betting and gaming industry; Betfair, Paddy Power, PokerStars, Sky Betting & Gaming and tombola - bringing together hundreds of teams and thousands of colleagues who create trusted entertainment for millions of customers every week.