Senior Cyber GRC Policy & Governance Analyst
Porto, Portugal
Blip is a leading tech company focused on software engineering solutions for sports entertainment.
We operate at scale. As part of Flutter Entertainment, we play an essential role in the Group's goal of becoming the global leader in online sports betting and iGaming, developing innovative products and platforms for over 14 million monthly customers worldwide.
We are serious about Tech. We are problem-solvers with big ambitions, keeping a people-first mindset at the core of our work. We prioritize flexibility as we strive to deliver the best technological products and tackle the greatest industry challenges.
Recognizing that everyone brings their own strengths, backgrounds and new perspectives, we empower you to be yourself. That uniqueness shapes the culture of belonging we are so proud of.
The Role
As a Senior Cyber GRC Policy & Governance Analyst reporting to the Cyber Security GRC Senior Manager (Governance & Risk), you will play a key role in Flutter’s Cyber GRC team and drive the development and maintenance of cyber security policies, frameworks and supporting documentation. You will ensure alignment with regulatory requirements, industry best practices, and Flutter’s risk management framework.
What You’ll Be Doing
- Draft cyber security documentation, collect feedback from relevant stakeholders, and obtain sign-off, in alignment with industry frameworks (e.g. NIST, ISO 27001).
- Ensure policies reflect the current threat landscape, compliance requirements, and business operating models.
- Coordinate periodic reviews of all cyber security documentation to maintain relevance and accuracy.
- Maintain a central repository for policies and related governance documents.
- Work with risk owners to assess and document policy exemptions and ensure sign-offs are obtained for risk acceptances.
- Support internal and external audits by making the requested documentation available.
- Collaborate with cyber security, legal, compliance, technology, and business teams to ensure policy alignment and applicability.
- Provide guidance and clarification on policy requirements and support awareness campaigns or training programs to promote understanding and adoption.
- Engage with stakeholders to collect feedback on policy effectiveness and identify opportunities for improvement.
- Support the creation of governance dashboards and reports to communicate policy status, exceptions, and trends to senior stakeholders.
- Track policy lifecycle metrics, including policy review schedules, exceptions, and implementation timelines.
- Contribute to the ongoing development of the cyber security governance framework and support GRC initiatives.
- Monitor emerging threats, regulatory changes, and industry standards to assess potential impacts on existing policies.
- Partner with GRC teams across the group to ensure a unified and consistent cyber policy & framework governance approach.
- Build strong relationships with cyber, technology, and business stakeholders to ensure policy governance activities are embedded and effective.
- Maintain deep awareness of divisional risk profiles, control environments, and operating models.
- Promote a cyber compliance-aware culture through thought leadership and practical engagement.
What You’ll Bring
- Minimum 5 years’ experience in information security.
- Experience in creating and managing policies, procedures, and governance documentation.
- Proficiency in industry frameworks and standards (e.g., NIST, ISO 27001, PCI DSS, COBIT, ITIL); certifications such as CISSP, CISM, CISA, CRISC, CGEIT, ISO 27001 Implementer/Auditor, ITIL Foundation or COBIT Foundation are a plus.
- Good understanding of cyber and technology risks, controls and practices.
- Solid technical knowledge of security technologies and best practices.
- Experience using GRC tools.
- Awareness of the 3 lines of defence model, roles of second line/assurance functions and internal audit.
- Demonstrated ability to communicate complex information clearly to diverse audiences.
- Strategic thinker with the ability to influence and drive change across varied business functions.
- Strong analytical and investigative mindset; able to provide objective, data-driven insights.
- Results-focused, with a pragmatic approach to risk mitigation and decision-making.
- Fluent in English with excellent written and verbal communication skills.
- Highly organized, methodical, and adaptable to a fast-paced, dynamic environment.
We'd Like You To Master In
- Influential and Trustworthy: Builds strong, trust-based relationships with stakeholders across the business.
- Objective: Approaches challenges with neutrality and fairness, ensuring consistent, evidence-based decisions.
- Collaborative: Works seamlessly with cross-functional teams to deliver on shared objectives and business outcomes.
- Adaptable: Navigates diverse perspectives with flexibility to reach optimal outcomes.
- Strategic Thinking: Maintains a forward-looking mindset aligned with Flutter’s broader technology and business goals.
- Effective Communication: Proactively engages stakeholders, communicates with purpose, and helps influence change through insight and clarity.
This is what you should have. What do we have, you ask? Well... you can check our amazing perks & benefits right here!
So... are you in?
Equal opportunities
At Blip, we are committed to creating a diverse and inclusive workplace. We strongly encourage people from all backgrounds, ways of thinking, and working to apply.
We are committed to including everyone regardless of their race, disability, age, gender identity, sexual orientation, and religion.
Everyone brings different perspectives and experiences; you don’t have to meet all the requirements listed to apply for this role.
If you need any adjustments to apply for the position and to ensure this role aligns with your needs, please send an email to accommodations@blip.pt.
We will only respond to inquiries related to disabilities.