Security Governance

About Betfair Romania Development
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world's leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.

Our Values
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.

Win together | Raise the bar | Got your back | Own it | Positive impact
About Flutter UKI
Flutter UK & Ireland are the UKI region of Flutter Entertainment. They unite a dozen brands including powerhouses Paddy Power, Betfair, Tombola and Sky Betting & Gaming, bringing together hundreds of teams and thousands of colleagues, who create trusted entertainment for millions of customers every week.

Role Purpose
Reporting into the Senior Governance & Assurance Manager – UKI, the Senior Security Governance and Assurance Analyst will be responsible for delivering the tech workstream for Flutter UKI's Sarbanes-Oxley (SOX) and potentially PCI DSS compliance programmes. This position has the lead role in ensuring the regulatory demands upon the Tech teams are delivered, working closely with key internal and external stakeholders including auditors to ensure compliance.

The Security Governance and Assurance Manager will work closely with the Internal Controls team and ensure SOX requests are sent out in a timely manner, evidence is received and meets the standard required for evidential assurance. They will facilitate conversations between Internal Controls and Flutter UKI Tech teams and oversee the delivery of any remedial action.

Subject to experience, the Security Governance and Assurance Analyst will additionally manage the delivery of the PCI DSS programme for Paddy Power / Betfair, Sky Betting and Gaming and Paddy Power Retail and may be involved in other internal and external audit facilitation as required.

The role will work closely with the ISMS & Policy Manager on the coordination of Compliance programmes and help to define and operationalise 1st line security controls reporting within UKI.

The role requires a significant level of engagement across the UKI Infosec team and to other stakeholders in the division & Group, some of which are in multiple global locations. Therefore, there is an expectation of travel with this role, as required.

Accountabilities

• Responsible for day-to-day delivery of Flutter UKI external compliance programmes including SOX.
• Responsible for facilitation of second and third line InfoSec audits.
• Assisting the ISMS & Policy Manager as required with the ISO 27001 audits.
• Responsible for the delivery of the UKI PCI DSS Compliance programme activity (subject to experience).
• Understands the UKI Tech & Infosec principles and supports the team in delivering on these.

Experience & Skills

• Solid understanding of regulatory compliance frameworks such as Sarbanes-Oxley, PCI DSS, ISO27001, GDPR
• Experienced in successfully delivering and facilitating multiple projects / pieces of work simultaneously, re-prioritising as appropriate to meet deadlines with a pragmatic approach.
• Well versed in risk management and has a sound understanding of how controls are implemented in line with business risk appetite & regulatory need
• Can demonstrate the communication of complex technical matters to both tech/non-tech audiences, both internally and externally (auditors).
• Can easily navigate internal/external audit & compliance engagements, along with supporting controls testing & evidencing requirements.
• Ability to identify key issues & can communicate them to stakeholders leveraging colleagues as needed to find solutions.
• Understand the people & cultural aspects to information security.
• Assertive, results orientated and good attention to detail.

Competencies Required

• Hungry for Results: Achieves results at pace with energy and drive; consistently achieves and exceeds expectations; takes accountability and always delivers on what has been promised; action orientated, agile in approach, calls out when things go wrong; sets stretch goals and holds self and others to high standards of performance; demonstrates rigour and commitment to activities; always acts with integrity and invests in building trust with all stakeholders.
• Wins Together: Is a team player- by working collaboratively is able to establish and engage networks to achieve shared objectives; acting as a key support whenever possible; effectively communicates and shares information to ensure others are fully informed; praises others for their contributions and accomplishments; gains trust and support of others.
• Resilient: Maintains excellent composure and professionalism even in very difficult situations; confident under pressure, handles and manages crises effectively; bounces back from setbacks and acts as a role model for others; maintains a positive attitude despite adversity; skilfully handles challenges and obstacles applying insights from others and lessons learned from mistakes.
• Game changer: Remains curious and generates new and useful ideas or solutions to solve challenges; is open to innovations and gets involved in unfamiliar tasks or new areas; learns new methods, tools and technologies and applies them to work.
• Nimble: Quickly understands and adapts well to new and unfamiliar situations or challenges; consistently performs experiments to find the best solution; learns from others' experiences and shares lessons learned from own mistakes; is transparent about failure and views mistakes as opportunities to learn.
• Quality decision maker: Considers all relevant factors and uses appropriate decision-making criteria and principles; takes smart, independent action in urgent and unusual situations; collaborates effectively to speed up decision making and clearly understands when to escalate to others; shares ideas and applies insights from experienced team members on how to address new situations; comfortable giving opinions and takes decisive action; strives for excellence.
• Effective communicator: Is effective in a variety of communication settings; one-on-one, F2F, virtual meetings, small and large groups, or among diverse styles; actively listens to others and takes opinions and ideas on board; demonstrates humility in their dealings with others; provides timely and helpful information to others across the organisation.

Benefits

• Hybrid & remote working options
• €1,000 per year for self-development
• Company share scheme
• 25 days of annual leave per year
• 20 days per year to work abroad
• 5 personal days/year
• Flexible benefits: travel, sports, hobbies
• Extended health, dental and travel insurances
• Customized well-being programmes
• Career growth sessions
• Thousands of online courses through Udemy
• A variety of engaging office events

Disclaimer
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we're part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we'll see how we can accommodate them.

We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.

By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.