InfoSec Governance Manager
Are you someone who is looking to step into a diverse company and drive the security governance and assurance of the most dynamic InfoSec team? Then this is the role for you!
Betsson is both ISO27001:2013 and PCI-DSS certified, making this a core senior function within the Information Security Team. Working closely with the CISO, the Information Security Governance Manager is responsible for all aspects related to information security governance, risk and compliance, including the management of the Group’s corporate ISMS.
This role covers overall responsibility for Information Security Governance; Information Security policies, procedures, standards and guidelines; the Information Security Risk Management programme; the Information Security Internal Auditing Programme; and the Information Security Compliance Programme, within the applicable laws and regulations, e.g. GDPR and gaming laws.
As a Manager you will also be managing a small team of professionals and working closely with the Security Operations Manager in executing a diverse set of projects or tasks defined on a roadmap that support the Information Security Strategy. These areas include Business Continuity Management, vendor due diligence, awareness training and work to support the entry into new jurisdictions. The role will undoubtedly also see you reaching out and working with other stakeholders to satisfy audit requirements whilst fronting external auditors, with the overall aim of acting as an ambassador for Security governance.
A taster of what you will be involved with
- Manage Betsson Group’s corporate ISMS.
- Manage Betsson Group’s ISO27001 and PCI-DSS certifications, as they apply to all gaming brands and jurisdictions, including by managing the scope of Betsson’s certified ISMS.
- Manage and optimise Betsson’s Information Security Governance processes.
- Manage all Information Security policies, guidelines and procedures, in line with all technical, legal, compliance and other requirements.
- Support external parties interacting with Betsson’s ISMS.
- Manage the Information Security Risk Management programme, including by chairing the Information Security Risk Management Committee.
- Manage the Information Security Internal Auditing Programme, including by: (1) enabling the accurate technical security assessment of applications, systems and network infrastructure, (2) documenting the security posture and conformance to Betsson’s security control framework, and (3) developing assessment methodologies to ensure security assurance and governance efforts conform with the confidentiality, integrity, and availability requirements at the organisational, application, system and network environment levels.
- Manage the Information Security Compliance Programme.
- Provide insight to all stakeholders within Betsson on how to consolidate controls and effectively manage Betsson’s Information Security Program.
- Develop methods to monitor and measure security governance, compliance and risk efforts.
- Maintain information system assurance accreditation materials.
- Prioritise initiatives for the InfoSec Governance, Risk and Compliance activities.
- Ensure policies, procedures, and standards are current, reviewed and updated periodically.
- Interface with the Legal and Data Privacy teams to manage Betsson Group’s data governance program, and to support Betsson’s addressing of techno-legal issues.
Who we are looking for
- 5+ years progressive experience with Security, Risk, Governance, Compliance or related professional area;
- 5+ years experience in enterprise security risk management frameworks and processes (e.g., ISO2700X, NIST, Cloud Security Alliance);
- 5+ years experience in facilitating and conducting security assessments related to PCI-DSS, ISO 27001, NIST 800-53 and Cybersecurity Framework audits;
- Proven knowledge of the ISO27001 standard, NIST security standards, PCI-DSS requirements;
- Experience in information security management systems and process planning;
- Direct management of cross-functional, sourced, or matrixed teams;
- One or more of the following security certifications: CISA, CISM, or CISSP.
What we offer
Much like riding a rollercoaster, sometimes life at Betsson can be lightning fast with twists and turns but always FUN! Then again, what else would you expect from a business 75% millennial and 1700 strong, spread across 7 offices with 900 based out of our Malta HQ alone! We recognise it may not be for the faint-hearted, but if you’re a go-getter, initiator and adrenaline junkie, always striving to push the boundaries and challenge yourself, then you’ll fit right in.
We offer numerous challenges where your skills will be put to good use! We encourage innovation and independence and celebrate success, and you will be part of a multi-cultural and diverse company, with people from all over the world.