Director of Cyber Security

Director Cyber Security
We are considering applicants in – London/Leeds/Dublin
Style of work – Hybrid 2 days per week

Who are we?  
Flutter is the world’s leading online sports betting and iGaming operator, with a market leading position in the US and across the world. Our ambition is to maximise our significant scale and our challenger mentality to change our industry for the better. By Changing the Game, we believe we can deliver long-term growth while promoting a positive, sustainable future for all our stakeholders. We are well-placed to do so through the distinctive, global advantages of the Flutter Edge, which gives our brands access to group-wide benefits to stay ahead of the competition, as well as our clear vision for sustainability through our Positive Impact Plan. Flutter operates a diverse portfolio of leading online sports betting and iGaming brands including FanDuel, Sky Betting & Gaming, Sportsbet, PokerStars, Paddy Power, Sisal, tombola, Betfair, MaxBet, Junglee Games and Adjarabet. 

On May 31 2024 Flutter moved its primary listing to the New York Stock Exchange. With a greater proportion of our future profits expected to be generated in the US, and given FanDuel’s #1 position in that market, we believe a US primary listing is the natural home for the Group. 

Responsibilities:

• Ensuring a first-class service to Group Functions Directors in relation to briefing and advice on cyber security.

• Taking forward the implementation of Group cyber security strategy, (Project Guardian) for Group functions driving a long-term approach to building resilience and capability.

• Supervising the work of the 2nd line Cyber Risk, Standards and Assurance Team, whose functions include implementing technology security policies and standards for cyber security, oversight and reporting on NIST CSF. You will work to strengthen cyber
  governance and management of cyber risk across Group functions including providing timely, accurate and salient risk reporting to senior management and risk committee.

• Supervise and steer the adoption and implementation of NIST CSF as the standard for cyber security across Group functions. You will ensure that technical assurance is conducted on Group functions assets, and risks and issues managed and mitigated in accordance with Group policies and frameworks

• Leading the Head of Flutter Group Functions Security Monitoring & Incident Response team. Ensuring that Group functions have robust and consistent processes for incident response e.g Okta, FlutterBe, Oracle financials, Coupa etc.  Gathering data in line with
  SEC reporting requirements in the event of a significant cyber or data security incident.

• Leading work across Group functions to educate asset owners on their responsibilities during an incident including GDPR, SEC and associated geography related local regulations.

• Leading the Head of Flutter Group Functions Platforms & Services Security team, (Engineers and Security architects) ensuring that Group functions assets are compliant with NIST CSF v2, afforded the adequate security monitoring, and adhere to Group policies and frameworks.

• Collaborate and provide thought leadership to key stakeholders such as Group legal, Group Risk, Group DPO, Group finance to ensure that the Group functions cyber capability is adding new value and assisting the Group functions teams to better manage cyber risk

• Engage as part of merger and acquisition activities to assess the level of cyber risk in any proposed acquisition

• Communicatee progress on strategic pieces of work to Flutter Group Cyber stakeholders

• Create and maintain the cyber risk management framework and implementation and adoption across Group functions

• Responsible for the update of the Group Functions Tech risk register, either directly or in collaboration with risk register owners and risk owners (as appropriate)

• Act as “gatekeeper” and overseer for inputs to the risk system, ensuring entries are current and to the required standard.

• Critically review/challenge the reporting of cyber risks ensuring accurate risk information is presented into the Risk Committee and Board.

• Oversight responsibility for inputs and data sources for the Divisional cyber risk dashboard, ensuring consistency with the underlying risk registers and risk information

• Ensure timely production and collation of risk reporting to the risk governance process and provide summary reporting and escalation of issues to direct report.

• Ensure the insurance incident reporting process continues to operate effectively and relevant action are tracked to conclusion.

• Form and manage effective relationships with operational and senior management within Group functions as well as Group Risk, Compliance, and Audit, flagging actual and emerging risks to relevant line management.

• Assist in ensuring data and cyber security risks are articulated in collaboration with line management and specialist IT Risk resource, as required.

• Create, maintain and report risk profile for Group functions based on:

  • Controls assurance outputs

  • Penetration testing outputs

  • Risk register for Group Functions cyber

• Ensure that risk profiles match divisional risk registers

• Conduct and deliver an annualised schedule of Risk Assurance reviews and Risk and Control Effectiveness Assessments providing relevant reporting and escalations of key findings and issues
   

Key Skills:

• Proven experience in successfully building, leading, managing, and delivering cyber security and technology advisory and assurance services to large/multinational clients.

• Proven experience in leading, developing and managing large and diverse teams.

• Proven track record in mentoring and promoting inclusive and diverse working environments.

• Multiple sector industry exposure and depth of technical security knowledge in cyber security, disaster recovery and Risk Management

• Excellent written and verbal communication skills, with the ability to explain technical issues to non-technical audiences.

• Strong risk management knowledge and expertise preferably developed in a dedicated risk management capacity (or alternatively in a compliance or audit role).

• Excellent communication and interpersonal skills with the confidence and capability to interact and negotiate with individuals at all levels within an organization of this scale.

• Self-motivated and the ability to operate independently and take the initiative, is essential.

• Experience of coordinating and producing multi-source management information, dashboards, scorecards and reports, including a strong analytical capability.

• Highly organized and able to manage own workload and simultaneous tasks to meet stretching targets and strict deadlines.

• Demonstrable experience of thinking and working in a highly strategic way

• Demonstrable experience in building strategy and design of security programs across multiple geographies

• Work as part of any M&A activity to present the approach to global cyber security to any potential target or partner

• Strategic thinking which can translate to a long-range vision for driving down Cyber Security risk across divisions

• Inquisitive, disciplined and logical thinker who possesses strong investigative and analytical qualities that will translate into providing independent and objective analysis of Cyber Security Risk

• Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance
   

Benefits:

• Uncapped Holiday Allowance (you read that right!)

• Enhanced Pension Scheme (please ask for your location and we will share)

• Bonus Scheme

• Life Assurance

• Income protection

• Private healthcare (with option to add dependent)

• £/₤1,000 annual self-development learning fund & Access to thousands of Udemy courses

• Invest via the Company Share save Scheme, Discount vouchers, Volunteering days.

• Enhanced Parental Leave and paid time off for appointments.

• Reward portal eg. electric car scheme, gym membership discounts etc.

• Wellbeing scheme

• On-site Gym, Canteen and Gaming area plus many more!

At Flutter we’re working to be an inclusive employer, and we encourage people from all backgrounds, ways of thinking and working to apply. Everyone brings different perspectives and experiences; you don't have to meet all the requirements listed to apply for this role.

If you need any adjustments to make this role work for you let us know, and we’ll see how we can accommodate them.

Our Work Experience is the combination of everything that's unique about us: our culture, our core values, our company meetings, our commitment to sustainability, our recognition programs, but most importantly, it's our people. Our employees are self-disciplined, hardworking, curious, trustworthy, humble, and truthful. They make choices according to what is best for the team, they live for opportunities to collaborate and make a difference, and they make us one of the Top Workplaces in the area.