Senior Cyber GRC Policy & Governance Analyst - Flutter Functions, Hybrid & Remote
Cluj-Napoca, Romania
Betfair
About Betfair Romania Development:
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.
Our Values:
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.
Win together | Raise the bar | Got your back | Own it | Positive impact
About Flutter Functions:
The Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the company.
Role Overview:
As a Senior Cyber GRC Policy & Governance Analyst reporting to the Cyber Security GRC Senior Manager (Governance & Risk), you will play a key role in Flutter’s Cyber GRC team and drive the development and maintenance of cyber security policies, frameworks and supporting documentation. You will ensure alignment with regulatory requirements, industry best practices, and Flutter’s risk management framework.
Key Accountabilities & Responsibilities:
- Draft, collect feedback from relevant stakeholders and obtain sign-off for cyber security documentation in alignment with industry frameworks (e.g. NIST, ISO 27001).
- Ensure policies reflect the current threat landscape, compliance requirements, and business operating models.
- Coordinate periodic reviews of all cyber security documentation to maintain relevance and accuracy.
- Maintain a central repository for policies and related governance documents.
- Work with risk owners to assess and document policy exemptions and ensure sign-offs are obtained for risk acceptances.
- Support internal and external audits by making the requested documentation available.
- Collaborate with cyber security, legal, compliance, technology, and business teams to ensure policy alignment and applicability.
- Provide guidance and clarification on policy requirements and support awareness campaigns or training programs to promote understanding and adoption.
- Engage with stakeholders to collect feedback on policy effectiveness and identify opportunities for improvement.
- Support the creation of governance dashboards and reports to communicate policy status, exceptions, and trends to senior stakeholders.
- Track policy lifecycle metrics, including policy review schedules, exceptions, and implementation timelines.
- Contribute to the ongoing development of the cyber security governance framework and support GRC initiatives.
- Monitor emerging threats, regulatory changes, and industry standards to assess potential impacts on existing policies.
- Partner with GRC teams across the group to ensure a unified and consistent cyber policy & framework governance approach.
- Build strong relationships with cyber, technology, and business stakeholders to ensure policy governance activities are embedded and effective.
- Maintain deep awareness of divisional risk profiles, control environments, and operating models.
- Promote a cyber compliance-aware culture through thought leadership and practical engagement.
Skills, Capabilities & Experience Required:
- Minimum 3 years’ experience in information security.
- Experience in creating and managing policies, procedures, and governance documentation.
- Understanding of industry frameworks and standards (e.g., NIST, ISO 27001, PCI DSS, COBIT, ITIL).
- Cybersecurity certifications, such as ISO 27001 Implementer/Auditor, are a plus.
- Good understanding of cyber and technology risks, controls and practices.
- Understanding of security technologies and best practices.
- Experience using GRC tools.
- Awareness of the 3 lines of defence model, roles of second line/assurance functions and internal audit.
- Demonstrated ability to communicate complex information clearly to diverse audiences.
- Strategic thinker with the ability to influence and drive change across varied business functions.
- Strong analytical and investigative mindset; able to provide objective, data-driven insights.
- Results-focused, with a pragmatic approach to risk mitigation and decision-making.
- Fluent in English with excellent written and verbal communication skills.
- Highly organized, methodical, and adaptable to a fast-paced, dynamic environment.
Interpersonal & Strategic Attributes:
- Influential and Trustworthy: Builds strong, trust-based relationships with stakeholders across the business.
- Objective: Approaches challenges with neutrality and fairness, ensuring consistent, evidence-based decisions.
- Collaborative: Works seamlessly with cross-functional teams to deliver on shared objectives and business outcomes.
- Adaptable: Navigates diverse perspectives with flexibility to reach optimal outcomes.
- Strategic Thinking: Maintains a forward-looking mindset aligned with Flutter’s broader technology and business goals.
- Effective Communication: Proactively engages stakeholders, communicates with purpose, and helps influence change through insight and clarity.
Benefits:
Hybrid & remote working options
€1,000 per year for self-development
Company share scheme
25 days of annual leave per year
20 days per year to work abroad
5 personal days/year
Flexible benefits: travel, sports, hobbies
Extended health, dental and travel insurance
Customized well-being programmes
Career growth sessions
Thousands of online courses through Udemy
A variety of engaging office events
Disclaimer:
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.
We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.
By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.