Senior Manager Security GRC
OpenBet is seeking a GRC Senior Security Manager to strengthen its growing Cyber Security team. This position requires a seasoned security professional with a proven track record in GRC leadership and team management. Reporting directly to the Global Cyber Security Director, you will manage OpenBet’s GRC team, driving governance, risk and compliance and ensuring the organization’s cyber resilience.

The Cyber Governance, Risk & Compliance (GRC) Senior Security Manager is a senior leadership role within the Cyber Security job family. This position is suited for a proven security professional with strong experience leading governance teams and shaping security governance and operational strategy. The Senior Manager will lead the performance of the GRC function, ensuring alignment with organizational security strategy, regulatory obligations, and operational excellence. This leader will drive security governance frameworks, manage risk, ensure compliance, and support the effective operation of the broader security organization, acting as a strategic partner across business and technology domains.
- Leading the GRC team and ensuring its success.
- Ensuring the design, implementation, and continuous improvement of security governance frameworks, policies, standards, and controls.
- Overseeing risk management processes including identification, assessment, mitigation, and reporting of security and technology risks.
- Ensuring maintenance of certifications and audit reports.
- Support cross-functional compliance initiatives, external audits, certifications, and regulatory assessments.
- Ensure that engineering best practices—including secure development, incident management, CI principles, and fast feedback loops—are embedded across teams.
- Report to the Global Cyber Security Director and collaborate closely with other technical and non-technical teams to successfully deliver projects from a cyber security GRC perspective.
- Lead and mentor a team of cybersecurity GRC professionals, fostering a culture of excellence and continuous improvement.
- Deliver team and personal KPIs, ensuring operational performance aligns with company targets.
- Lead the implementation, maintenance, and continual improvement of ISO-based management systems, including but not limited to ISO 27001, ISO 27017, ISO 27018 and additional ISO and other certifications where applicable.
- Lead end-to-end lifecycle of internal and external ISO audits, including planning, evidence collection, gap analysis, corrective actions, and audit readiness.
- Oversee SOC 1 and SOC 2 audit & reporting requirements, ensuring controls are designed, implemented, tested, and documented consistently to meet Type I and Type II expectations.
- Actively participate in a 'Follow-the-Sun' operational model, occasionally shifting working hours to align with international clients, cross-border stakeholders, and regional regulatory timelines.
- Manage cross‑functional coordination with auditors, owners of controls, engineering teams, and operations to ensure timely and accurate audit responses.
- Lead preparation and submission activities for WLA (World Lottery Association) Security Control Standards audits, ensuring alignment with WLA‑SCS requirements and maintaining certification readiness.
- Ensure outputs from all audits (ISO, SOC, WLA) feed into continuous improvement cycles, security risk registers, and executive reporting.
- Maintain audit schedules, external assessor relationships, frameworks documentation, and compliance reporting dashboards.
- Support customer discussions around security posture, compliance certifications, SOC reports, audit outcomes, and risk assurance.
- Lead the enterprise-wide Cyber Risk Management Framework, ensuring it is consistently applied across business units and technology domains.
- Lead all phases of risk management, including identification, assessment, scoring, mitigation planning, tracking, and reporting.
- Oversee risk quantification where applicable (e.g., FAIR-based methods) to translate technical risks into business impact.
- Ensure risks are tied to business processes, product lines, service availability, and customer obligations.
- Maintain and continuously mature the corporate Risk Register, ensuring timely updates, clear ownership, and executive‑level reporting.
- Establish and monitor Key Risk Indicators (KRIs) and metrics that provide meaningful insights into security posture.
- Ensure systematic control testing, maturity assessments, and assurance activities are executed across the organization.
- Drive cross-functional risk treatment plans, ensuring progress, accountability, and risk reduction aligned with strategic priorities.
- Provide expert guidance to product, engineering, and operations teams on emerging risks, threat exposure, and policy gaps.
- Drive the Cyber Security Third‑Party Risk Management (TPRM) and Vendor Security Assurance program end-to-end.
- Lead the evaluation of third‑party suppliers, cloud providers, hosting partners, and managed services using cyber risk‑based methodologies.
- Ensure ongoing security assessments are performed for all critical vendors, including security questionnaires, evidence reviews, and control testing.
- Ensure security requirements are incorporated into contractual agreements.
- Collaborate with Legal, Procurement, and Finance to align contractual, compliance, and commercial terms with security expectations.
- Manage security aspects of exit and transition plans for vendor offboarding, ensuring data protection and service continuity.
- Provide customer‑facing assurance regarding supplier security controls and dependencies.
- Maintain strong day-to-day operational oversight of the GRC team.
- Bachelor’s degree in Computer Science, Information Security - Cybersecurity, or related field (required).
- Master’s degree in Cybersecurity or related discipline (preferred).
- Minimum 8-10 years in cybersecurity, with at least 3-4 years in a leadership role.
- Preferred security certifications: CISSP (Certified Information Systems Security Professional); CISM (Certified Information Security Manager); CISA (Certified Information Security Auditor); CCSP (Certified Cloud Security Professional); ISO 27001 Lead Implementer / Lead Auditor; ISO 27017 Lead Implementer / Lead Auditor; ISO 27018 Lead Implementer / Lead Auditor.
- Strong project management skills with excellent stakeholder communication and ability to operate in a global, fast-paced environment with multiple priorities.
- Advanced analytical and decision-making capabilities under pressure.
- Deep understanding of security governance, audit, risk and compliance models.
- Hands-on experience with security governance frameworks & certifications including implementation and audit.
- Knowledge of cybersecurity frameworks and regulations applicable to the sports betting industry (e.g. GLI-33, WLA, ISO 27001, SOC Type 2, etc.).
- Ability to support cyber resilience in high-performing, high-availability environments.
- Customer-focused mindset with commitment to improving customer experience.
- Proficient in English (written and spoken).
- Attractive benefits, an open and supportive environment, as well as a modern and exciting workplace.
- The opportunity to interact with global teams on a regular basis as you and our business continue to develop and grow.
- Tangible and genuine development - at OpenBet, you can take your career where you want it to go!
- Enjoy flexible working whilst we provide you with the guidance and development skills you need to progress and enhance your career.
