Sr. Cybersecurity Analyst, Vendor Assessment

About Us

We are BetMGM. We are revolutionizing sports betting and online gaming in the United States. We are a partnership between two powerhouse organizations—MGM Resorts International and Entain Group. You know our name through our exciting portfolio of brands including BetMGM Sportsbook, Borgata online, Party Casino and Party Poker. We aim to bring our ideas into action and find ways to deliver the best quality in gaming platforms.

We understand that each card in the deck plays a unique role in any given hand, just as our employees each play a unique role in accomplishing our goals as a company. We strive to create a culture of empathy where our employees feel valued, heard, and comfortable bringing their authentic selves to work. We want to build a product and a workplace that reflect the communities we serve so we approach our work fearlessly, take responsibility when we get it wrong, and ante-up again. We play to win, and we are all-in together.

We were recognized as one of Glassdoor’s “Best Places to Work”.

About the Role

BetMGM is seeking a Senior Cybersecurity Analyst in Vendor Assessment to identify, quantify, and mitigate risks to the organization from 3rd party vendor relationships, collaborating with the Cybersecurity Manager and BetMGM InfoSec team. This position is under the supervision of the Sr. Director Cyber & IT Risk. 

The Sr. Analyst will show strong analytical skills, a detailed mindset, and strong communication and interpersonal skills to articulate findings of each vendor assessment to internal and external parties. This role will partner with various teams within our parent organizations (MGM and Entain) to respond to evolving business requirements and stay on top of emerging threats as it relates to onboarding and continuous monitoring of 3rd party vendor relationships. The Sr. Analyst will also leverage their expert knowledge of today's ever-changing cybersecurity landscape, technical state regulations, and risk landscape to influence the Technology acquisition process across our business.

Responsibilities

• Conduct vendor evaluations thorough assessments of potential vendors to determine their suitability for partnership. 
• Conduct comprehensive security risk assessments of third-party vendors, evaluating their security controls, policies, standards, and infrastructure. 
• Analyze vendor capabilities, financial stability, reputation, and compliance with relevant regulations and standards. 
• Aid in the development and maintenance of comprehensive third-party risk management procedures, trackers, and documentation, aligned with industry best practices. 
• Collaborate with procurement teams to develop selection criteria and assist in vendor selection processes. 
• Help to establish and maintain key performance indicators (KPIs) and service level agreements (SLAs) for vendors. 
• Monitor vendor performance against established metrics and SLAs. 
• Identify areas for improvement and work with vendors to implement corrective actions. 
• Develop risk mitigation strategies and protocols in collaboration with internal stakeholders. 
• Conduct regular risk assessments and implement measures to minimize risk exposure. 
• Ensure that vendors comply with contractual agreements, regulatory requirements, and company policies. 
• Stay informed on relevant regulations and industry standards impacting vendor relationships. 
• Conduct audits and re-assessments to verify vendor compliance with established standards, prioritizing those with highly sensitive data.
• Carry out application security vulnerability scanning and supply remediation options, where applicable.
• If and only when necessary, attend third-party onsite visits in support of any part of the vendor assessment process (willingness to travel to vendors up to 10% of the time).  
• Prepare comprehensive reports and presentations summarizing vendor assessments, performance evaluations, and risk analyses. 
• Provide insights and recommendations based on data-driven analysis to support decision-making processes. 
• Communicate findings and recommendations to relevant stakeholders, including senior management and cross-functional teams. 
• Contribute to Kanban boards and/or other tracking tools to increase visibility into assigned work and promote workload efficiencies. Stay on top of latest emerging technology trends and proactively update the vendor assessment processes where needed. 

Qualifications  

• 5+ years of experience with third-party vendor security assessment methodologies and security monitoring tools.  
• Proven experience in vendor management, procurement, supply chain management, or related roles. 
• Proven experience in conducting risk assessments. 
• Strong analytical skills with the ability to interpret complex data and draw actionable insights. 
• Ability to articulate identified risks to management and key stakeholders in a clear, actionable manner. 
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with internal and external stakeholders. 
• Detail-oriented mindset with a focus on accuracy and precision. 
• Ability to work independently, manage multiple priorities, and meet deadlines in a fast-paced environment. 
• Knowledge of compliance, conduct, and operational risk management frameworks and processes.
• Expertise in common technology controls for industry best practices (e.g., from NIST, ISO, ISACA, GLI etc.) frameworks. 
• Ability to collaborate with high-performing teams and individuals throughout BetMGM and externally to accomplish common goals. 
• Bachelor’s or advanced degree in technology or a related field or equivalent work experience. 
• Relevant certifications (e.g., CSCP, CPIM, CISA) are a plus. 

The annual salary range for this position is $89,200 to $117,075.  Factors which may affect starting pay within this range may include geography/market, skills, education, experience and other qualifications of the successful candidate.  This position is also eligible for participation in a performance-based bonus plan. 

Gaming Compliance & Licensing Requirements
 
As an online gaming company, BetMGM is required to comply with state gaming regulations which includes licensing obligations.  Applicable employees must be licensed by at least one jurisdictional agency, although certain positions require licensing by multiple agencies.  Failure to become licensed or maintain licensure with each agency as required for the role may result in termination of employment.  Please note that the licensing process includes comprehensive background checks which may include a review of criminal records, financial history, and personal background verification.

In addition, candidates must comply with and support the company's responsible gambling policies, procedures and initiatives.

About Our Culture

Building BetMGM from the ground up takes effort, energy, and teamwork, but that’s what will make leading this industry all the more satisfying. We stay focused on our main goal with the help of these four company pillars:

Believe in Your Game – Take your shot! There’s a freedom to explore ideas usually only start-ups are lucky enough to experience.

Backed by the Best - With our expertise—merged with that of our world-class investors—we have the opportunity to take this business, and ourselves, farther than anyone has ever imagined.

Do What’s Right - We operate with clarity and simplicity, always doing the right thing by our customers and each other, standing shoulder to shoulder every day.

Hustle Hard - Our combined commitment and ambition is what drives us to create some of the most innovative products in the industry.

What We Offer

As a valued employee, we’re committed to giving you the resources and support you need. We offer Medical, Dental, Vision, Life Insurance, Commuter Benefits, Paid Time Off, Holidays, Employee Resource Groups and more!

Applicable salary ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. The position is also eligible for an annual bonus.

BetMGM LLC is an Equal Opportunity Employer. We provide equal employment opportunities to all qualified individuals, regardless of race, religion, gender, gender identity, age, marital status, national origin, sexual orientation, citizenship status, veteran status, disability, or any other legally protected status. As an organization, we are unwavering in our commitment to maintaining a discrimination-free work environment, and fostering a culture of inclusivity, belonging and equal opportunity for all employees and applicants.
 
We understand that each card in the deck plays a unique role in any given hand, just as our employees each play a unique role in accomplishing our company goals.  So, we are committed to an inclusive culture for all and empowering our employees to thrive in meaningful careers. At BetMGM, we play to win, and we are “all in” together.  If your experience looks a little different from what we’ve identified and you think you’ve got what it takes, we’d love to learn more about you.

If you need assistance or accommodation with your application due to a disability, you may contact us at recruitment@betmgm.com.

This job description is not an exclusive or exhaustive list of duties a person in this position may be asked to perform from time to time.