Cyber Security Director

Who We Are:

The world's top sports betting and lottery brands choose OpenBet as their partner for world class content, leading tech and tailored service. We have their back, so they’re ready with exciting, memorable and safe sports betting experiences to entertain billions of players worldwide.

 

Director of Security - OpenBet: The world's top sports betting and gaming brands choose OpenBet as their partner for world class content, leading tech and tailored service. We have their back, so they’re ready with exciting, memorable and safe sports betting experiences to entertain billions of players worldwide. 

 
 

The Role 

The purpose of this role is to act as Director of Security, leading both the Product and Information Security functions at OpenBet, reporting to the SVP of Technology. The role will be responsible for implementing and overseeing policy and process to protect OB’s employees and its physical and information assets with a particular focus on cyber security.  This includes securing OB’s infrastructure and systems using access management, network and system security architecture, threat and vulnerability management with end point protection, logging and monitoring. The role will also establish security led software development processes to enable product security from the start ensuring that OB develops and delivers secure platforms and properly protects its information.  
The successful candidate will also ensure compliance and best practice around data handling and storage including GDPR, PCI and equivalent requirements across our markets as well as managing risk across the business. 
OB is ISO27001 certified this role will make sure this is retained and extended as needed.  

It is essential that the role establishes a working Security Committee coordinating subject matter experts and service owners across the company to identify risk and decide mitigating policies and measures, ensuring consistency and stakeholder support.  The Director of Security and team implement security initiatives and coordinate the evaluation, deployment, and management of current and future security technologies. 

This position works closely with the various OB business units and technology departments and requires the ability to balance business needs with security best practices. The successful candidate will provide effective, high quality and timely subject matter expertise, input and guidance on Information Security matters. This role is ‘business facing’ in nature as well as being ‘hands-on’ in terms of delivery. To that end, the successful candidate must demonstrate an aptitude toward building lasting partnerships, relationships and trust within OB’s business units, clients, and regulators and working partners; and, at the same time, be equipped to talk with authority around a wide range of technical and procedural matters pertaining to OpenBet Information Security. 

 

Primary Duties 

Strategy & Planning 

• Work closely with the business and peers to lead and develop a multi-year Security Strategy and Roadmap which identifies existing gaps to security and delivers a structured plan to mature OB’s security practice. 

• Lead strategic security planning by prioritizing security initiatives to achieve business goals and protect OB, its customers, platforms and services, games, sensitive data and IP, and the overall IT environment. 

• Manage the annual operating and capital budgets for purchasing, staffing, and operations for Information Security. 

Business Facing 

• Build strong relationships with division organizations including IT, product and software development, client delivery, HR and others along with key SG Corporate functions supporting OB in order to implement appropriate security controls and protect OpenBet assets. 

• Partner closely with the senior/executive leadership of the platform and game teams/studios to ensure ‘security by design’ is incorporated into all projects, that appropriate security controls are understood and adhered to by process, and that security compliance requirements are followed. 

• Ensure all data security related regulatory and compliance requirements are met together with the legal team. 

• Provide security leadership in supporting contractual and regulatory compliance requirements (e.g. GDPR, PCI DSS, ISAE-3402/SSAE-18 SOC reports, etc.). 

• Chair the division Security Committee, managing associated assignments, tasks, and reporting 

• Contribute to the company risk register to document and mitigate role related risks. 

• Implement, maintain and develop appropriate security certifications for OB. 

 

Operational Management 

• Develop security policy and process, according to industry standards and best practices. 

• Work closely with IT and other technology groups to fully secure information, computer, network, and processing systems. 

• Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations. 

• Participate in division projects and initiatives including product, client delivery, operations, etc., providing leadership and expertise on security matters, questions, and requirements.   

• Ensure compliance to division and corporate policy and processes through reviews and initiatives. 

• Oversee vulnerability management for all division networks, applications, and systems. 

• Oversee security operations including the monitoring of security tools and services to identify and respond to security events and incidents. 

• Head the Security Incident Response Team in responding to and managing security incidents and the activities associated with security incidents including notification, reporting, and investigation. 

• Define and test operational threat response procedures, providing continuous process improvement. 

• Provide security leadership in supporting sales and client management activities including participating in RFPs, supplier due diligence, on-site visits, etc. 

• Oversee vendor and supplier compliance to division requirements through contracts and agreement reviews, conducting supplier due diligence, and ensuring SLA management. 

• Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact. 

• Develop and grow the talent and people capability within the Information Security team, optimizing the mix of internal vs. external individuals and 3rd parties as required. 

 

 

Qualifications 

Experience and Qualifications: 

• The successful candidate must have held several senior technologist positions and specifically a senior security operations position within a medium to large organization comprising digital and omni-channel services in regulated sectors. 

• Demonstrable experience influencing at a senior level, which builds collaborative and trusted internal networks that achieve strategic goals. 

• Proven experience in designing and delivering technical solutions that address commercial problems. 

• In addition, they must have a track record creating and managing security technologies capable of protecting large-scale, globally highly available, mission-critical digital products and platforms. 

• Proven leadership skills – experience in building and motivating high-performing teams. 

• Extensive experience managing external suppliers. 

• Significant experience managing senior stakeholders up to and including Board Directors. 

• Proven track record in maintaining and enhancing skill level according to future technology trends and using innovative approaches in solving and preventing problems. 

• A track record providing leadership in thought and vision. 

• Expertise in deeply embedding security awareness, operations and culture into all parts of an organization. 

• A proven track record in delivering on time and against budget within a highly pressurized 24/7 

• environment. 

• Relevant security certifications: CISSP, CISM, CRISC, CISA, OSCP, CEH, ISSMP. 

• Successful implementation of security certifications like ISO27001. 

• Excellent knowledge of PCI and GDPR. 

• Desirable 

• Experience of working within the igaming/sports betting industry 

 

 #LI-KV1

#LI-Hybrid