Information Risk Officer


The Role

As an Information Risk Officer, you will form part of GiG’s centralised Information Security team, and you will be reporting to the Head of Information Security. You will be responsible for driving information risk management across the business. You would enable a risk-based approach to information security, through the creation and implementation of a business-specific risk management framework. As an information risk officer you would work closely with business stakeholders, understanding the various business processes in GiG and working side-by-side with the process owners to integrate security controls in the processes that would mitigate any unacceptable risks.

What you’ll be doing

  • Work with the rest of the infosec team to create an information risk management framework that will enable a risk-based approach to security, across the organisation
  • Conduct, document and communicate information risk assessments across the business, reflecting business-defined risk criteria and scope
  • Create, document and monitor information risk treatment plans in collaboration with business leaders across the group
  • Drive the group’s information risk management strategy
  • Regularly assess the group’s information security policies, periodically identifying gaps to compliance across the business
  • Work with accountable business leaders in closing gaps to compliance to policy, amending and adapting any requirements if deemed necessary.
  • Increase awareness with the various business leaders in a collective team effort of integrating security in the culture of the organisation
  • Identify gaps in information security processes; working with the information security team to create and implement processes.
  • Build, communicate and continuously update a holistic controls framework that reflects the business’ risk appetite
  • Monitor effectiveness of information security processes and controls
  • Put into place a third party security framework to enable the creation of risk-management processes adaptable to the complex business model of the group
  • Build and manage a framework that will allow the business to identify, control and monitor vendor and white label risks on the business
  • Form part of project/product steering committees and change management boards, defining information security requirements and controls, captured as a direct result of risk assessments

Who you are:

  • 3 years working in information security or information risk
  • Comprehensive knowledge of risk management principles
  • Experience working with or have extensive knowledge of laws, regulations, standards and compliance requirements specific to the gaming industries
  • Experience performing IT Audits or Risk Assessments
  • Experience working with business stakeholders in management positions
  • Excellent communication skills
  • Excellent problem solving and critical thinking skills

Would be a plus:

  • Having one or more of the following certifications: CISA; CISM; CRISC
  • Have a degree in IT, business or management.
  • Experience working in the gaming industry or as an information security consultant for gaming companies



Start date: As soon as possible really. Let’s talk about it.
Last application date: We’ll hire as soon as we find a match, apply now.
Location: Malta

What we Offer

We GiGsters play hard, but we work even harder. We take personal responsibility for our deliverables every day, and we’re killing it. We work as one GiG, from teams to individuals, to make iGaming fair and fun for all. Each GiGster, no matter what their role, is empowered to be disruptive. And we are agile enough to make it happen. We are front-runners and deliver the best. Always. No compromises.

Join our team!

As a diverse and inclusive employer, GiG encourages applications from all sections of the community.