Risk and Compliance Officer

Watford, England, United Kingdom

Allwyn UK

We are Allwyn UK, the operator of The National Lottery.


Join our journey to create a new experience for the National Lottery and help us to power change for the greater good.

About us:

We are the new operators of the UK’s National Lottery licence from February 2024. Join us as, over the next year, we embark on a large-scale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to Good Causes.

As one of the UK’s largest brands, we offer you a once-in-a-lifetime opportunity to work with one of the UK’s biggest media budgets.
Once-in-a-lifetime opportunities exist for people from within and outside the betting and gaming industry to join us and play a part in giving the National Lottery a fresh start. Allwyn is part of the Allwyn Entertainment Group, a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy.

Team Description:

The Allwyn security team’s purpose is to protect the integrity of the National Lottery. To do so, we work in a heavily regulated environment and have to secure one of the most visited websites in the UK, a very large retail channel and numerous back-office systems spread across both on-premise datacentres and the cloud.

Purpose of Role:


The Risk and Compliance Officer is a vital part of the Security Governance, Risk and Compliance team. This role will be responsible for:


  • Undertaking risk assessments and managing the local and functional risk registers. Ensuring risks are identified, raised and managed in accordance with the Enterprise Risk Management Framework, actions are agreed and delivered on time, and information is kept up to date and accurate
  • Managing and maturing the Third-Party Risk Management Policy and Framework
  • Providing support and oversight with regard to the Identity and Access Management Framework, ensuring high-quality output and that access control findings are remediated in a timely manner
  • Ensuring Allwyn remains compliant with the relevant legislative, regulatory and business requirements, as well as the latest versions of the frameworks / standards / requirements (such as Licence 4, ISO27001, WLA:SCS, PCI-DSS and DPA 2018)
  • Facilitating, managing and being part of security and privacy audits (both internal and external). Ensuring evidence is readily available and that findings / areas for improvement are implemented into BAU in order to mitigate the associated risks
  • Acting as secretariat for Governance Committees, collating information and metrics, and supporting the writing of the relevant governance papers
  • Enhancing Allwyn's security culture by conducting ongoing training and awareness on various related threat topics.

Skills & Experience:


This role will be well suited to someone who has worked within Information Security, risk and compliance for a while and has experience and knowledge of leading on all aspects of GRC, including:


  • Ability to demonstrate good understanding in the field of Information Security in terms of concepts, standards, frameworks and technologies
  • Good understanding of the UK Data Protection legislation and principles
  • Experience with security governance and compliance requirements (e.g. DPA, PCI-DSS, ISO27001)
  • Experience with working both individually with minimal supervision, and working as a part of larger teams on projects of varying complexities
  • Ability to articulate technical / complex or sensitive issues / risks to a wide audience and manage them in accordance with wider frameworks
  • An excellent level of attention to detail, and a strong sense of ownership
  • Demonstrable experience with learning and applying new concepts quickly
  • Thirst to learn


Highly desirable:

  • Information security management qualifications or degrees such as a BSc or MSc in Information Security - or CISM, CISSP or equivalent
  • Python knowledge / experience.

Here is our list of benefits:

  • 34 days paid leave (This includes bank holidays)
  • 2 x Life Days
  • 4 x Salary of Life Insurance
  • Pension: We’ll contribute 8.5%
  • BUPA
  • £500 wellness allowance
  • Income Protection


As part of our onboarding processes, all successful candidates will need to complete both a Pre-Employment Screening process and a Fit & Proper check by the Gambling Commission. These checks include a DBS (an enhanced check, which shows convictions and conditional cautions), credit and social media checks. As part of our application process, you will be asked to identify in advance if you have spent or unspent convictions that we need to be aware of.

Should you not disclose convictions at the application stage, not pass the Fit & Proper Check process or not complete your Pre-Employment Screening then unfortunately you may not pass our probation process.

All data will be handled in accordance with our data policies and treated with utmost confidentiality.


Tags: Audits CISM CISSP Cloud Compliance Governance IAM ISO 27001 Privacy Python Risk assessment Risk management RMF

Perks/benefits: Career development Startup environment Wellness

Region: Europe
Country: United Kingdom
Category: Compliance Jobs
