As an Information Security Analyst joining our Governance, Risk and Compliance team within the information security function, you will be responsible for the implementation and maintenance of controls and processes required for GiG’s Information Security Management System (ISMS). This would include the implementation and maintenance of policies, as well as leading security awareness campaigns across all organisations. Taking into account the nature of our business, you would also be supporting the compliance team with any regulatory security requirements.
What you will be doing:
- Develop and maintain the Group’s Information Security related policies, procedures and work instructions.
- Ensuring the continual improvement of GiG’s ISMS.
- Assisting with the design of information security processes.
- Communicating with different departments and driving the implementation of security processes
- Performing periodic audits of key security processes to ensure operating effectiveness
- Contribute to the development of appropriate security KPIs, objectives and strategies, towards improving the Group’s security posture and security maturity.
- Maintain and improve the security education, training and awareness framework.
- Performing information security risk assessments.
- Maintain the Group’s Security Risk Register and liaising with other relevant parties, such as finding owners
- Contributing to the ISMS Committee
- Providing advice on ISO27001, PCI DSS and other relevant compliance standards – including MGA and UKGC gaming regulatory requirements.
- Participate in regulatory audits and assist Legal and Compliance teams as may be required.
- Manage supplier onboarding risk assessment process together with the procurement team.
- Liaising with staff, informing them on security measures, and explaining potential threats.
- Minimum of two years working experience in an Information Security role, or similar.
- Bachelor’s degree in Information Systems, Computer Science or a relevant area.
- A basic understanding of the igaming industry.
- A basic understanding of information security (deep technical knowledge is not required).
- Good understanding of ISO27001 requirements (desirable)
- Advantageous – relevant certifications in information security, IT or auditing (ISO27001 Implementer/auditor, CEH, etc.).
Besides that little twist in your personality that makes you unique, we are looking for a colleague with the following skills and attributes:
- Excellent written and oral communication ability in English
- Strong work ethic, methodical and good attention to detail
- Sound decision-making ability and ability to deliver quality work even under pressure situations
- Ability to multitask and prioritize tasks that are important and urgent
- Good technical knowledge of Excel/PowerPoint/Word
- Ability to understand complex issues and resolve them in an accurate and timely fashion
- Willingness to speak to and interact with a diverse range of people
- Strong willingness to learn
- You see the big picture and how details fit into it.
- You see connections and interactions between items.
- You can look at things from different perspectives.
- You enjoy development work and are rather organised and logical in your approach.
- You take responsibility for projects that may be complex.