Senior Security Governance and Assurance Analyst - Flutter UK&I, Hybrid

at  Flutter Entertainment

Senior Security Governance and Assurance Analyst - Flutter UK&I, Hybrid
Cyber Security Senior Specialist
Role purpose:
Reporting into the Governance & Assurance Manager – UKI, the Senior Security Governance and Assurance Analyst will be responsible for delivering the tech workstream for Flutter UKI’s Sarbanes-Oxley (SOX) and PCI DSS compliance programmes. This position has the lead role in ensuring the regulatory demands upon the Tech teams are delivered, working closely with key internal and external stakeholders including auditors to ensure compliance.
The Senior Security Governance and Assurance Analyst will work closely with the Internal Controls team and ensure SOX requests are sent out in a timely manner, evidence is received and meets the standard required for evidential assurance. They will facilitate conversations between Internal Controls and Flutter UKI Tech teams and oversee the delivery of any remedial action.
Subject to experience, the Senior Security Governance and Assurance Analyst will additionally manage the delivery of the PCI DSS programme for Paddy Power / Betfair, Sky Betting and Gaming and Paddy Power Retail and may be involved in other internal and external audit facilitation as required.
The role will work closely with the ISMS & Policy Manager on the coordination of Compliance programmes and help to define and operationalise 1st line security controls reporting within UKI.
The role requires a significant level of engagement across the UKI Infosec team and to other stakeholders in the division & Group, some of which are in multiple global locations. Therefore, there is an expectation of travel with this role, as required.

Accountabilities:

• Responsible for day-to-day delivery of Flutter UKI external compliance programmes including SOX and PCI DSS.
• Responsible for facilitation of second and third line InfoSec audits.
• Assisting the ISMS & Policy Manager as required with the ISO 27001 audits.
• Responsible for the delivery of the UKI PCI DSS Compliance programme activity.
• Understands the UKI Tech & Infosec principles and supports the team in delivering on these.

Experience & Skills:

• Solid understanding of regulatory compliance frameworks such as Sarbanes-Oxley, PCI DSS, ISO27001, GDPR
• Experienced in successfully delivering and facilitating multiple projects / pieces of work simultaneously, re-prioritising as appropriate to meet deadlines with a pragmatic approach.
• Well versed in risk management and has a sound understanding of how controls are implemented in line with business risk appetite & regulatory need
• Can demonstrate the communication of complex technical matters to both tech/non-tech audiences, both internally and externally (auditors).
• Can easily navigate internal/external audit & compliance engagements, along with supporting controls testing & evidencing requirements.
• Ability to identify key issues & can communicate them to stakeholders leveraging colleagues as needed to find solutions.
• Understand the people & cultural aspects to information security.
• Assertive, results orientated and good attention to detail.

What you can expect:

• 25 days of annual leave
• Sharesave scheme
• „Flexible Benefits” of your choice
• Private health insurance (includes dental insurance and health assessments)
• Free parking
• Thousands of courses online through ‘Udemy’

Ways of working:
Flexible working is our way of working! We’re a diverse workforce and therefore a ’one size fits all’ approach isn’t necessarily best. Whatever your personal needs may be, let’s have a chat and see how we can accommodate them;
We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview.
By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful,
your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective role within the company.

Please refer the Job description for details