GRC Security Expert
Playtech's Governance Risk and Compliance Unit is looking for a GRC Security Expert with excellent communication and problem-solving skills.
The role involves defining, establishing and implementing organisational information security processes to ensure business, regulatory, legislative and contractual requirements and obligations are met.
The successful candidate will manage internal and external ISMS audit processes and monitor the effectiveness of controls and corrective actions in cooperation with stakeholders across the organisation.
Responsibilities include managing gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS and other regulatory security audits. The role also requires coordinating external security audits, assessments and testing, as well as developing and implementing remediation plans.
Identifying, assessing and monitoring information security risks and recommending mitigation measures are key aspects of the position. The GRC Security Expert will also develop content, coordinate and facilitate a comprehensive organisational information security awareness training program.
Furthermore, the role involves managing security requirements with third parties, including due diligence of product and service providers and ensuring information security requirements clauses are included in service provision agreements and contracts.
The GRC Security Expert will develop, coordinate and maintain information security policies, procedures and other security-related documents. They will also analyse, map and communicate information security requirements derived from legislative and regulatory obligations in various jurisdictions.
Serving as a project manager or lead within security projects and continually improving and updating knowledge to accommodate changes to the company’s regulatory environment and needs are also part of the role.
- Define, establish and implement organisational information security processes to ensure business, regulatory, legislative and contractual requirements and obligations are met.
- Manage the internal and external ISMS audit processes, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organisation.
- Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS and other regulatory security audits.
- Coordinate external security audits, assessments and testing, as well as the development and implementation of remediation plans.
- Identify, assess and monitor information security risks and recommend mitigation measures.
- Develop content, coordinate and facilitate a comprehensive organisational information security awareness training program.
- Manage security requirements with third parties, including due diligence of product and service providers and information security requirements clauses in service provision agreements and contracts.
- Develop, coordinate and maintain information security policies, procedures and other security-related documents.
- Analyse, map and communicate information security requirements that derive from legislative and regulatory obligations in various jurisdictions.
- Serve as project manager/lead within security projects.
- Continually improve and update knowledge to accommodate changes to the company’s regulatory environment and needs.
- Proven experience (3+ years) across the security governance, risk and compliance domain (required)
- Strong communication skills and ability to interact professionally with a diverse group including executive management, managers and subject matter experts (required)
- Strong management skills, leading people, delegating tasks, setting goals and ensuring objectives are met in continuous and deadline-oriented activities (required)
- Experience in leading PCI DSS, ISO 27001:2022 and SOC/ISAE 3402 certification and surveillance audits, as well as leading and supporting information security risk assessments and the risk management process (required)
- Bachelor’s Degree in Information Security, Information Assurance, Computer Science, Cybersecurity, Risk Management or equivalent work experience (required)
- Professional certification (CISSP/CISM and ISO 27001 Lead Implementer/Auditor or similar) (required)
- A pro-active, self-motivated approach and ability to work independently within a global security team (required)
- Very good written and spoken English (required)
- Prior experience working within a SaaS/Online Gambling organisation (nice-to-have)
- Technical experience in IT infrastructure, networks, databases, or software development (nice-to-have)
Playtech plc is one of the world's largest gambling technology companies, providing software, platforms and content to online and land-based operators. Founded in 1999 and registered in the Isle of Man, it supplies casino, live casino, sportsbook, bingo and poker products, along with its IMS player-management platform. The company also runs B2C operations, most notably the Snaitech business in Italy. Listed on the London Stock Exchange, Playtech employs thousands of people across offices worldwide.
