
Security Assurance Analyst

Role area: Technology
Contract type: Full Time
Location: Cluj-Napoca

Role purpose:

  • Paddy Power Betfair uses third parties to meet regulatory requirements, to make use of existing mature technologies, to use additional resources for defined time intervals and specific projects, and to transfer risks and optimize costs.
  • The role has to ensure that, whenever there is a need to share data with, or to provide access to, third parties, there are adequate contractual clauses and sufficient evidence of the effectiveness of the security controls implemented by the third party to control the inherent security risks and to ensure compliance with legal and regulatory requirements.
  • As part of the Security Compliance & Assurance function, the role reports to the Technology Governance & Assurance Senior Manager.
  • Key stakeholders are the Procurement team who govern the contracting process and the security specialists involved in assessing business projects. The candidate is expected to interact with process owners from all areas of the business, from various locations across the world.
  • The candidate should have expertise in supplier contract negotiations, security controls and technologies, and personal data regulations (e.g. GDPR).

Accountabilities:

  • Determine the need for security and data protection clauses in contracts and negotiate the inclusion of such clauses with the third parties.
  • Identify potential risks, determine what level of assurance is required, and ask for and assess evidence that demonstrates the effectiveness of security processes and controls implemented by the third parties.
  • Raise a formal risk when the assurance level obtained is not sufficient considering the criticality of the third-party relationship.
  • Support internal and external audits that either focus on the Third Party Security Assurance process, or on certain suppliers used by the business.

Key strengths:

  • Demonstrate a good understanding of GRC (governance, risk and compliance)
  • Previous experience in the Technology, Gaming or Financial sector is an advantage
  • Be inquisitive about processes, controls, dependencies, problems, risks
  • Have an analytical mind able to filter out meaningful data from large amounts of information
  • Be able to influence internal and external stakeholders to support outcomes delivery
  • Think beyond theoretical principles and be able to adapt to an agile environment
  • Deliver within timelines while multitasking
  • Communicate with ease both in person and using communication tooling (email, voice and video calls) with stakeholders in various hierarchical positions
  • Be flexible and adapt your approach to the situation (when identifying and assessing issues, evaluating mitigation options, following up on closures)

Competencies:

  • At least 3 years' experience, preferably gained in complex, multinational companies, in one or more of the following: supplier assurance, security risk management, security audits
  • Broad understanding of security processes and controls
  • Good understanding of outsourcing processes, associated risks and benefits
  • Knowledge and ease of working with security standards (e.g. ISO 27001, PCI DSS)
  • Good understanding of data protection principles and legislation
  • One or more of CISA, CISSP, ISO 27001, COBIT, ITIL, ISO 20000 certifications
  • Good level of spoken and written English (B2) (fluency in English is a must)