Risk and Compliance Officer
Watford, England, United Kingdom
Join our journey to create a new experience for the National Lottery and help us to power change for the greater good.
About us:
We are the new operators of the UK’s National Lottery licence from February 2024. Join us as, over the next year, we embark on a large-scale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to Good Causes.
As one of the UK's largest brands, you’ll have a once-in-a-lifetime opportunity to work with one of the UK's biggest media budgets.
Once-in-a-lifetime opportunities exist for people from within and outside the betting and gaming industry to join us and play a part in giving the National Lottery a fresh start. Allwyn is part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy.
Team Description:
The Allwyn security team’s purpose is to protect the integrity of the National Lottery. To do so, we work in a heavily regulated environment and have to secure one of the most visited websites in the UK, a very large retail channel and numerous back-office systems spread across both on-premise datacentres and the cloud.
Purpose of Role:
The Risk and Compliance Officer is a vital part of the Security Governance, Risk and Compliance team. This role will be responsible for:
- Undertaking risk assessments and managing the local and functional risk registers. Ensuring risks are identified, raised and managed in accordance with the Enterprise Risk Management Framework, actions are agreed and delivered on time, and information is kept up to date and accurate
- Managing and maturing the Third-Party Risk Management Policy and Framework
- Providing support and oversight with regard to the Identity and Access Management Framework, ensuring high-quality output and that access control findings are remediated in a timely manner
- Ensuring Allwyn remains compliant with the relevant legislative, regulatory and business requirements, as well as any latest versions of the frameworks / standards / requirements (such as Licence 4, ISO27001, WLA:SCS, PCI-DSS and DPA 2018)
- Facilitating, managing and being part of security and privacy audits (both internal and external). Ensuring evidence is readily available and that findings / areas of improvement are implemented into BAU in order to mitigate the associated risks
- Acting as secretariat for Governance Committees, collating information and metrics, and supporting the writing of the relevant governance papers
- Enhancing Allwyn's security culture by conducting ongoing training and awareness on various related threat topics.
Skills & Experience:
This role will be well suited to someone who has experience and knowledge of working within Information Security, risk and compliance for a while, leading on all aspects of GRC, including:
- Ability to demonstrate good understanding in the field of Information Security in terms of concepts, standards, frameworks and technologies
- Good understanding of the UK Data Protection legislation and principles
- Experience with security governance and compliance requirements (e.g. DPA, PCI-DSS, ISO27001)
- Experience of working both individually with minimal supervision and as part of larger teams on projects of varying complexity
- Ability to articulate technical / complex or sensitive issues / risks to a wide audience and manage them in accordance with wider frameworks
- An excellent level of attention to detail, and a strong sense of ownership
- Demonstrable experience with learning and applying new concepts quickly
- Thirst to learn
Highly desirable:
- Information security management qualifications or degrees such as a BSc or MSc in Information Security, or CISM, CISSP or equivalent
- Python knowledge / experience.
Here is our list of benefits:
- 34 days paid leave (This includes bank holidays)
- 2 x Life Days
- 4 x Salary of Life Insurance
- Pension: We’ll contribute 8.5%
- BUPA
- £500 wellness allowance
- Income Protection
As part of our onboarding processes, all successful candidates will need to complete both a Pre-Employment Screening process and a Fit & Proper check by the Gambling Commission. These checks include a DBS (an enhanced check, which shows convictions and conditional cautions), credit and social media checks. As part of our application process, you will be asked to identify in advance if you have spent or unspent convictions that we need to be aware of.
Should you not disclose convictions at the application stage, not pass the Fit & Proper Check process or not complete your Pre-Employment Screening, then unfortunately you may not pass our probation process.
All data will be handled in accordance with our data policies and treated with utmost confidentiality.