Information Security Auditor
IT Internet and Technology
|RecruitGibraltar are currently recruiting for a Information Security Auditor to join a successful and diverse gaming operation with online betting and gaming websites. Due to their continued success and expansion in the UK and abroad, our client is on the lookout for enthusiastic, innovative and dedicated people who want to begin or continue their career in the online gaming industry. In return our client offers a diverse and exciting working environment and comprehensive training and support that actively encourages our people to develop and work up the organizational structure. In addition, an excellent benefit package is on offer that rewards our employees for their loyalty and hard work.
What is the plan for the Information Security Auditor role?
Ensure alignment of Technology offering with the Information Security and compliance requirements that the organization is exposed to, both traditional regulations such as PCI-DSS or ISO27001 and also gaming regulations for the markets where the company operates.
The role is responsible for translating these requirements into operational changes that need to happen to achieve or maintain compliance and ensuring that appropriate tests and audits are conducted to start and maintain operations in regulated markets and in adherence with the group Information Security policies. In addition the role is responsible for creating frameworks and designing processes to improve effectiveness and efficiency of our approach to technology compliance in regulated markets
What will you do as a Information Security Auditor?
· Introduce Technology platform and process changes to align with compliance requirements
· Analyze technical audit requirements and support recurring audits of Technology platform and processes. Coordinate technical audits across several areas.
· Review and identify improvements to the company Information Security posture
· Analyze and design technical regulatory interfaces
· Coordinate the implementation of technical regulatory interfaces
· Update compliance documentation with changes in Technology platform and operations
· Support entry into new gaming markets and new B2B partnerships.
· Analyze technical and product compliance requirements, for instance for the purpose of gaming license certification.
· Technical point of contact for external regulators and auditors. Establish a working relationship with regulators to ensure a fluent two-way communication.
· Support of compliance efforts on technical discussions
· Execute projects to implement the group Technical Compliance strategy
· Perform compliance and security assessments of the Group infrastructure
· Conduct internal gap analysis against relevant information security and regulatory standards (PCI, ISO27001, etc.)
· This role performance will directly impact the costs of bringing our technology and applications aligned with jurisdictional regulatory requirements, participating in key decisions to enter new markets
What do you know that makes you a great Information Security Auditor?
Security industry standards work: ISO27001, PCI-DSS, etc.
Customer-oriented person, with the ability to educate a non-technical audience on Technical Compliance and security subjects
At least three years’ experience in a similar position
Excellent knowledge of Technical Compliance processes as well as outstanding technical knowledge of the underlying technical foundations
Jurisdictional compliance knowledge: ARJEL, GRA, AGCC, AAMS, etc. This person needs to be familiar with Compliance regulations and our overall architecture, leading audits and participating in key decisions to enter new market, even speaking with the regulators themselves on behalf of the company
Previous experience in security consultancy
Relevant professional qualifications will be considered, although not a requirement, e.g. CISA, CISM, CISSP, GIAC, etc.
Salary £40k based on experience with bonus, an excellent relocation package and private healthcare.