Paddy Power Betfair uses third parties to meet regulatory requirements, to make use of existing mature technologies, to use additional resources for defined time intervals and specific projects, to transfer risks and optimize costs.
The role has to ensure that, whenever there is a need to share data with third parties or to provide them with access, there are adequate contractual clauses and sufficient evidence of the effectiveness of the security controls implemented by the third party to control the inherent security risks and to ensure compliance with legal and regulatory requirements.
As part of the Security Compliance & Assurance function, the role reports to the Technology Governance & Assurance Senior Manager.
Key stakeholders are the Procurement team who govern the contracting process and the security specialists involved in assessing business projects. The candidate is expected to interact with process owners from all areas of the business, from various locations across the world.
The candidate should have expertise in supplier contract negotiations, security controls and technologies, and personal data regulations (e.g. GDPR).
Determine the need for security and data protection clauses in contracts and negotiate the inclusion of such clauses with the third parties.
Identify potential risks, determine the adequate level of assurance required, and request and assess evidence that demonstrates the effectiveness of security processes and controls implemented by the third parties.
Raise a formal risk when the assurance level obtained is not sufficient considering the criticality of the third-party relationship.
Support internal and external audits that either focus on the Third Party Security Assurance process, or on certain suppliers used by the business.
Demonstrate good understanding of GRC (governance, risk and compliance)
Previous experience in the Technology, Gaming or Financial sector is an advantage
Be inquisitive about processes, controls, dependencies, problems, risks
Have an analytical mind able to filter out meaningful data from large amounts of information
Be able to influence internal and external stakeholders to support outcomes delivery
Think beyond theoretical principles and be able to adapt to an agile environment
Deliver within timelines while multitasking
Communicate with ease both in person and using communication tooling (email, voice and video calls) with stakeholders in various hierarchical positions
Be flexible and adapt your approach to the situation (when identifying and assessing issues, evaluating mitigation options, following up on closures)
At least 3 years' experience, preferably gained in complex, multinational companies, in one or more of the following: supplier assurance, security risk management, security audits
Broad understanding of security processes and controls
Good understanding of outsourcing processes, associated risks and benefits
Knowledge and ease of working with security standards (e.g. ISO 27001, PCI DSS)
Good understanding of data protection principles and legislation
One or more of CISA, CISSP, ISO 27001, COBIT, ITIL, ISO 20000 certifications
Good level of spoken and written English (B2) (fluency in English is a must)