Key skills
Leadership
About this role
Role Overview
- Own the ISMS policy framework and governance programme, providing independent second-line oversight across the technical risk domain.
- Drive the organization through ISO 27001:2022 certification and ensure the ISMS scales to meet the information security requirements of regulated markets including Malta, Isle of Man, Curaçao and future target markets.
- Design and maintain the ISMS policy framework, with measurable Control Objectives, KPIs, KRIs, and KCIs linked to specific controls and evidence.
- Govern the ISO register suite as the authoritative evidence layer; produce evidence packages for audits, certifications, and regulatory inspections.
- Compile compliance dashboards from register data and report posture to senior leadership, grounded in documented evidence.
- Govern the non-conformity and CAPA process: classification, root-cause, remediation tracking, and closure review.
- Run risk-based internal audit programmes and own the governance questionnaire suite.
- Drive ISO 27001:2022 Stage 1 and Stage 2 certification, including managing the certification body relationship.
- Assess new market entries against the ISMS and deliver required policy or control amendments before license activation.
- Own the ISMS implementation roadmap, sequencing control deployment across Technology, Product, Operations, Infrastructure, and Procurement.
- Build effective relationships across technical, product, and operations teams so governance is embedded at the point of delivery.
Requirements
- ISO 27001:2022 Lead Implementer or Lead Auditor.
- CISA, CISM, or equivalent.
- ISO 31000 (e.g., PECB Lead Risk Manager) desirable.
- Degree in Information Security, Law, Compliance, Risk, or related field, or equivalent professional experience.
- 5+ years in information security governance or ISMS programme delivery, with 3+ years in a senior or management role.
- Demonstrated ownership of an ISO 27001 programme through to successful Stage 2 certification.
- Experience in a regulated B2B gaming supplier, platform, or aggregator environment.
- Track record of cross-functional delivery across engineering and product, and of leading market entry compliance workstreams.
- Line management experience.
- Working knowledge of ISO 27001:2022 Annex A and Clauses 4–10.
- Translates regulatory requirements into clear, auditable policy.
- Confident communicator; able to influence without direct authority.
- Comfortable in a fast-moving, multi-jurisdiction environment.
Benefits
- 24 days paid holiday per year.
- Hybrid Working with flexi start time (3 days office/2 days home).
- Private Medical Insurance.
- Team Building Opportunities.
- Parking (limited).