Senior Cyber Security Manager - GRC
Cambridge, England, United Kingdom
Are you a GRC specialist? Want to play a crucial role in the development, implementation, and management of Jagex's Governance, Risk, and Compliance (GRC) framework? Want to do that for one of the world's leading online games companies?
This position will report to the Director of Cyber Security to ensure the company’s information security policies and practices align with both industry regulations and internal strategic objectives, particularly focusing on supporting game development processes.
This is an opportunity
What you'll be doing:
GRC Framework Development:
- Develop and implement a comprehensive GRC framework that aligns with industry standards such as ISO 27001, NIST CSF, PCI-DSS, and GDPR.
- Manage and update the information security policies, ensuring they are current and relevant to evolving risks.
- Ensure alignment with legal, regulatory, and contractual obligations specific to the game development industry.
- Oversee the creation, implementation, and regular review of security policies, standards, and procedures.
- Collaborate with business units to ensure that policies are understood, accessible, and appropriately enforced.
Risk Management:
- Identify, assess, and manage technical and non-technical security risks associated with game development, live operations, and supporting infrastructure.
- Develop risk treatment plans, work with game development teams to mitigate identified risks, and track remediation efforts.
Compliance & Audit Management:
- Lead internal and external audits for compliance certifications, ensuring successful completion with minimal business disruption.
- Manage the lifecycle of compliance initiatives such as PCI-DSS, GDPR, and other regional requirements affecting game development operations.
- Stay informed of industry trends and changes in regulations that may impact security compliance efforts.
Training & Awareness:
- Develop and deliver a security awareness program that targets various departments, with an emphasis on secure coding and game development practices.
- Ensure continuous education across the company on security policies, risks, and compliance.
Vendor & Third-Party Risk Management:
- Evaluate the security posture of third-party vendors and partners, ensuring their practices align with the company’s security policies.
- Oversee the third-party risk management process, conducting vendor security assessments and managing associated risks.
What you'll need:
- Extensive experience in a GRC role within the gaming, technology, or software development industries.
- Proven experience in managing security policies, risk assessments, and compliance programs (such as ISO 27001, PCI-DSS, GDPR, etc.).
Knowledge & Skills:
- Deep understanding of governance, risk, and compliance processes as they relate to game development.
- Strong knowledge of security frameworks and standards like ISO 27001, NIST CSF, SOC 2, and GDPR.
- Experience leading security audits and working with both internal and external auditors.
- Strong risk management skills, including conducting risk assessments, developing treatment plans, and overseeing remediation efforts.
- Excellent written and verbal communication skills, with the ability to convey complex security topics to technical and non-technical stakeholders.
- Relevant security certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer.
Soft Skills:
- Strong leadership and project management abilities, with a track record of managing cross-functional teams.
- High attention to detail, proactive in identifying risks, and a solution-oriented approach.
- Ability to thrive in a dynamic, fast-paced game development environment.
What we offer:
When you join Jagex you can look forward to a generous Perks & Benefits package including:
- Private Healthcare, including Dental Plan.
- Minimum 6% Pension contributions.
- Employee Assistance Programme & onsite Counselling.
- Life Insurance.
- Discretionary annual performance bonus.
- Enhanced family leave policies from day 1.
- Flexible working hours.
- 25 days annual leave + Bank holidays & the option to buy/sell holidays + so much more!
Please note that due to us approaching the Christmas & New Year break, we have many people among the hiring teams who are on annual leave or will be absent due to the studio closing over the holiday period.
This means that, in most cases, applications made during December are unlikely to proceed to interview until January 2025. We appreciate your patience during this time.
Collaboration is at the heart of Jagex. We love getting together with our teams to share ideas and socialise.
Flexibility really is the key to how we set up working schedules. We’ll discuss your needs with you and be transparent about the working schedules of the team you’ll be working with during our interview process.
About Jagex:
Make forever games with us.
Jagex is a thriving international games company with a growing library of forever game IPs for core gamers. We have such huge expertise at running games for the long term that we re-define expectations for what evergreen success looks like.
We create spaces for our players to come together – with each other and with us – inside and outside of our games. We empower our players with real influence on the game’s evolution. We help our players belong. Our community experiences give players a greater stake in what they’re playing, creating loyal forever fans.
These strengths inform our vision of our studio as a thriving international games company with a growing library of forever game IPs for core gamers. Our forever games will nurture sizable communities whose loyalty provides consistent revenues.
This in turn drives our mission: We create forever fans by empowering our community. We give players experiences worthy of their long-term time investment and actively collaborate with them to shape the games and the community for the better.
If this is something you want to be a part of, get in touch.
We have 500 of the industry’s most talented individuals in our Cambridge studio; if you share our values and ambition, we’d love to talk to you. Worried you don’t meet all the requirements in the spec? Your attitude, fresh perspective and experience are just as important to us; if you think this could be the perfect job for you, let’s talk.