Senior Manager Cyber Controls Assurance – Control Assurance
The Senior Manager Cyber Controls Assurance is a member of the Flutter Cyber Security team, reporting to the Head of Cyber Security GRC. This global role leads a team of analysts who will assess and assure the design and effectiveness of cyber controls across the group and provide insight to the divisions and key senior stakeholders regarding the maturity of the cyber security control environments and related risks. The role will also support the Head of Cyber GRC in leading Group and cross divisional 2nd line assurance initiatives.
Accountabilities:
- The Cyber Security Senior Assurance Manager is a leader and SME in the Cyber Governance Risk and Compliance (GRC) function who is responsible for driving the Group cyber security controls assurance program and cross divisional assurance initiatives across the Group
- Responsible for determining the operating model and running of the Cyber Security Assurance program which will continually provide an independent view of the control framework in each division and will act as a stimulus for action within the divisions
- Responsible for oversight of 2nd line assurance activities within each divisional 2nd line capability and for establishing reporting cadence and requirements
- Establish a 2nd line cyber security community to enable co-creation of cross divisional initiatives and sharing of best practice
- An established expert in Cyber Security risk and control, the Manager will provide SME input and support to ensure the risks relevant to the Flutter group are identified and kept current, in line with the overall Flutter risk appetite
- Responsible for ensuring that the risk and control library is maintained and communicated across the Flutter group to key stakeholders
- Influencing divisions to improve their cyber security controls with the aim of making the wider group more secure from internal and external threats.
- Managing and influencing key stakeholders such as divisional CTOs and Directors of Cyber Security to ensure that they understand how the assurance program drives improvement in cyber security risk across the group.
- Establishes trusted relationships with cyber security and divisional technology teams
- Provide SME input and support for ensuring the Cyber Security policy is up to date in line with the current Cyber Security risks
- Knowledgeable of divisional cyber security controls and operating models, with a wide network of relevant stakeholders
- Ensure that concise risk reports based on the assurance test results (design & effectiveness) are produced that can be understood by all business stakeholders (including board level, internal & external audit and risk management)
- Report and monitor progress of remediation tracking activities by the divisions
- Identify risk areas that require additional focus across the group and prepare risk briefings which include pragmatic recommendations for remediation
- Identify potential opportunities for enhancing the Group’s cyber security control environment, ensuring minimal impact to stakeholders
- Ensure the assurance team’s processes and tools are fit for a program delivering across all divisions and, where possible, drive efficiencies via automation
- Design and report relevant metrics and related key performance indicators (KPIs) for the Cyber Security Assurance program which will demonstrate the effectiveness of the program
- Support division 2nd line teams with recommendations and guidance on designing and implementing cyber security controls and challenge where appropriate
- Proactively manages the development of the analysts to ensure a highly productive, dynamic and proficient team
- Foster a team culture of integrity and respect with a global outlook
- Participate in governance and oversight forums/committees as required
- Responsible for attracting and retaining talent, ensuring that high performers are continuously challenged, and poor performers are supported to get on track
- Participate in industry cyber security forums as required to ensure that Cyber risks are understood and communicated across the Group.
Key Strengths:
- A senior information security professional with a deep understanding of Cyber Security governance, risk and compliance
- Able to adapt communication style to proactively deliver critical information to key stakeholders and to appreciate different and opposing perspectives across multiple divisions.
- Solid technical knowledge of security related technologies and industry standard processes across all Cyber Security risk areas
- Technical expert who has proven experience in defining Cyber Security policy, standards and controls
- Strong working knowledge and experience of current IT Security standards such as ISO 27001, PCI, NIST, ISF, UKGC and Data Protection
- Strategic thinking which can translate to a long-range vision for driving down Cyber Security risk across the divisions
- Ability to influence multiple stakeholders on cyber best practice and be a change agent
- Inquisitive, disciplined and logical thinker who possesses strong investigative and analytical qualities that will translate into providing independent and objective analysis of Cyber Security Risk
- Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance
- Solid experience in audit and assurance methodologies, with the flexibility to adapt approach to suit a dynamic environment
- Excellent verbal and written communications skills with the ability to modify style to influence technical and business stakeholders
- A methodical approach to organising workload to ensure deadlines are met
- Ability to adapt to working in a dynamic environment, dealing with complex challenges and communicating with all levels of the business.
Competencies:
Interpersonal: Building Relationships
• Building Support; we establish close relationships with our stakeholders, underpinned by trust, integrity and respect. We are able to build awareness, understanding and positive momentum behind the Group technology strategy, often without being in a position to assert authority.
• Objective; we are impartial and unbiased, ensuring equal treatment for all and that decisions taken are based on objective criteria.
Outcome-focused: Achieving Results
• Collaborative; we work effectively and in partnership with our stakeholders on shared goals that align towards the achievement of the Group technology strategy. We foster a collaborative environment and assume the role of leader when required.
• Adaptable; we understand and appreciate different and opposing perspectives on an issue and are able to adapt our approach in order to achieve a successful outcome.
Strategic: Planning for the future
• Strategic Thinking; we think about the big picture and use that perspective to support our Divisions to achieve competitive advantage through greater agility, faster time to market and a better customer experience.
• Strategic Communication; we are proactive and considered in our approach to stakeholder communications. We actively listen, provide constructive feedback and help others to consider new perspectives.