Senior Information Security Manager

Posted 12 October by Playtech plc
Easy Apply Featured
Description

The Senior Manager, Governance, Risk Management, and Security Compliance (GRC) is a key role within the Playtech Global Information Security organization. This position is responsible for leading and framing IT risk management programs across the global Playtech enterprise business and technology landscape, with a focus on information security.

A crucial element of the Senior GRC Manager’s role is working with senior executives, line-of-business managers and other key decision makers to determine acceptable levels of residual IT risk for the company as a whole, and for various internal departments and organizations. This role is also responsible for delivering a clear understanding of the levers and choices to mitigate risks as appropriate. Core to a GRC function is the ability to ensure the strongest risk mitigating posture for the optimal set of investment choices, given a keen understanding of regulatory mandates and a complex business environment. This role reports to the CSO.

Your Role
  • Leads a global IT risk management team in the delivery of advisory services for Global Information Security Risk and Compliance programs. This includes services related to third-party risk, mergers & acquisitions risk, and Cybersecurity controls compliance (e.g., Payment Card Industry (PCI), General Data Protection Regulation (GDPR)), UKGC.
  • Manages internal/external IT security related compliance engagements and provides formal support for measuring the effectiveness of the Playtech’ Global Governance, Risk Management & Compliance Framework (based on NIST 800-53 and ISO 27001 Standards) This includes evaluating overall information technology risk and maintaining an active view on the actual, mitigated and residual risks in the global Playtech technology environment.
  • Works closely with Enterprise Operational Risk, Information Security, Compliance, Legal, Internal Audit and Data Privacy teams to develop and implement effective IT risk management and compliance practices.
  • Maintains meaningful and sustainable Global IT Risk and Compliance performance reporting (key risk/performance indicator metrics) and monitors thresholds for exceptions.
  • Identifies and implements continuous improvement initiatives within the Global Information Security Risk programs.
  • Monitors and reviews regulatory updates and issues relative to pertinent security regulatory requirements (such as GDPR, PCI, UKGC and NIST 800-53) and apprises Global Information Security leadership as appropriate.
  • Management, identification and assessment of security risks for the company whether it is internal or external and recommend remediation and corrective actions.
  • Address questions from internal and external audits and examinations.
  • Develop standards that meet different regulatory requirements including ISO27001, PCI-DS
  • Facilitate security/risk training curriculum.
  • Serve as project manager/lead within security projects.
  • Promote and develop awareness for different security risks and best practices across the company.
  • Recommending security enhancements and purchases.
  • Manage security risk analysis, and implement mitigation measures
  • Effectively communicate cybersecurity risk management strategies, initiatives and issues that resonate with the vision, strategy, and direction of the Security program.
  • Support and the Security Risk Assessment function through the delivery of solutions and services.
Experience Required
  • Bachelor’s Degree, Information Systems, Computer Science, Information Security, or similar.
  • Professional security management certification, such as a Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is required.
  • Excels in both verbal and written communications with all levels of staff including management, executives, auditors, finance, legal, IT staff and third parties, in matters related to IT risk, compliance, and audit requirements and remediation. Effective presentation skills are essential to this role.
  • Demonstrable experience of Information Security Compliance programs and industry leading practices/ frameworks including ISO 27001, PCI, NIST 800-53, GDPR and UKGC
  • IT security or information security experience with a proven ability to engage with Senior Management, clients and regulators.
  • Previous experience of conducting security assessments against a security framework (ISO27001:2012, SSAE16, COBIT, PCI-DSS etc.)
  • Highly knowledgeable of governance, risk, and compliance systems and experience implementing a GRC framework in a complex, multi-national environment.
  • Exceptional working relationships with the business, and a broad understanding of business processes required to translate technical issues into business-related decision points. Ability to proactively understand, assess and document key IT risks and controls across operational and information security domains.
  • Proven experience in administering security controls in an organization.
  • Knowledge of technical infrastructure, networks, databases and systems in relation to Security and Risk.
  • Expert Project management skills
  • Business process expertise
About Playtech

Playtech is a leading software provider for online gaming operators and can be positively considered as one of the pioneers of the worldwide online and land-based gaming industry. Company's business portfolio consists of the most prominent names in the business, including Bet365, William Hill, PaddyPower, Gala, Coral, Betclic, Winner, Betfair, Poker770, etc. Behind the eminent success of Playtech's products and services there are around 5,000 people located in 14 countries, the majority of whom are engaged in research and development of current and future gaming technologies. For additional information on Playtech, and the Playtech Group of companies, please visit http://www.playtech.com

Reference: 36346321

Bank or payment details should not be provided when applying for a job. reed.co.uk is not responsible for any external website content. All applications should be made via the 'Apply now' button.

Report this job