Flutter Technology is recruiting a Security Analyst to drive Information Security and risk for global projects. You will be working to identify risks by analysing the latest threats to systems and providing security requirements for tech projects for the group's well-known betting and gaming brands across the globe.
This is a fantastic opportunity to provide input into the projects that will ensure the confidentiality, integrity, and availability of services across Flutter Group. The role will contribute to the selection of security requirements to meet our risk frameworks, policy, and standards compliance, to achieve our group security objectives.
You must be effective at articulating control requirements, promoting secure processes, mitigating risk and when required describing residual risks to a wide range of stakeholders. You will be comfortable working with cross-functional global teams in dynamic organisations, as the role will have interdependencies with security engineering teams, our partners, and our suppliers.
The right candidate will have experience working with enterprise organisations on large-scale projects, displaying a customer-obsessed and collaborative approach, coupled with a strong technical understanding to provide confidence and answer questions. An ability to engage and help crystallise business benefits by leveraging a modern and practical approach within information security, demonstrating an .
- The Security Analyst will need to review, assess, and define security requirements for the Flutter Group Functions Projects, based on the risk appetite, international standards, compliance requirements and internal risk frameworks
- Work with Flutter Assurance and Compliance team to ensure alignment with the Flutter Security Framework, and complete Passports of compliance for projects
- Work with the product owners, architects, developers, engineers, and service managers to build security requirements into every delivery by recommending appropriate security controls to counter identified threats
- Support the team and third parties to understand of the security policy and framework requirements
- Understand emerging threats and the application of security controls to mitigate those threats
- Work with the team to understand risk appetite including recording and reporting of residual risks
- Review audit findings and work to implement improvements either through the identification of new or enhance controls or process improvement with service management.
- Facilitate the development and communication of Flutter Group security principles for systems design, development and deployment.
- Use and promote systems and operational security design methodologies
- Provide technical advice and best practise guidance across multiple technology platforms including APIs, cloud/serverless solutions, containers, data services, infrastructure, mobile apps, networking, and others.
- Trusted business partner to encourage interaction from the area (answer ad-hoc questions, share security expertise, improve security of processes, improve security understanding of the business area)
- Responsible for driving the vulnerability management remediation within Flutter Global Services and help to scope security vulnerability assessments and track results and findings through to resolution.
- Support the creation and drive adoption of security operational processes
- Perform risk assessments and raise risks for cyber vulnerabilities identified within Flutter Group Functions
- Build and maintain relationships with key stakeholders across the group
- Understand the area’s people, process & technology to provide enhanced security consultancy, faster reviews and better engagement.
- Big Thinker: Constantly explores and analyses future scenarios and possibilities to help Flutter respond to change and shape the future; drives self and others to pursue opportunities that will create sustainable value for Flutter; contributes to the functional and the Flutter strategy, mapping and aligning efforts to strategic imperatives.
- Effective Communicator : Provides clarity on business goals; is effective in all types of communication; adjusts communication style to fit the audience; consistently communicates the mission, vision and values to inspire, energise and motivate others throughout Flutter; ensures others understand how their efforts positively impact the bigger picture; creates an environment that encourages effective communication and the sharing of diverse perspectives.
- Commercially Savvy: Makes it their business to be aware and anticipate emerging external factors and changing market dynamics; constantly explores and analyses future scenarios and possibilities to help Flutter respond to change and shape the future; has deep understanding of business drivers and the industry to guide decisions and lead others.
- Customer Obsessed: Builds and maintains strong relationships with stakeholders; champions the needs of customers and the importance of exceeding expectations; builds and delivers solutions that exceed customer expectations; prioritises customer satisfaction and builds commitment in others to provide outstanding service.
- Wins Together: Gains trust and support of others, generous with time, advice and knowledge; is able to establish and engage networks to get stuff done rather than depend on authority; seeks out opportunities to break down barriers and collaborate and partner across organisational boundaries.
- Resilient: Creates a climate where people are curious, resilient, determined, learn and adapt; handles and manages crises effectively; anticipates and shows the way forward during setbacks; builds energy in others to stick with it/ to stay on track / push through.
- Strong inter-personnel, analytical & communication skills and experience of working directly with both technical and non-technical stakeholders
- Experience as part of a InfoSec Management practice, working on multiple large and complex projects simultaneously
- An appreciation of Cloud Technologies (Amazon, Microsoft, Google), Virtualisation (VMWare, XEN), advanced network and firewall technologies, SSO, Windows and Linux Servers, web applications, CI/CD/devops tooling
- A Strong understanding of Infrastructure Security threats, vulnerabilities and best practices. Ability to help people to clearly and accurately articulate complex threats and risks, controls and mitigations.
- Drive risk management in the area to improve security risk oversight and more informed security decision making. Also by escalating significant issues to accountable stakeholders and driving successful outcomes alongside them.
- A good understanding of security systems, including authentication systems, data loss prevention systems, log management and other relevant systems
- Excellent understanding of the latest security principles, techniques, and protocols
- Experience of current IT Security standards such as ISO 27001, PCI, NIST, ISF, Data Protection
- Experience in managing global distributed processes with matrix responsibilities
- A personal drive to use data, metrics and analysis to support service delivery and technical/ business strategy development
- CISSP Certified or similar