Security Governance Risk & Compliance Analyst

Spotlight Sports Group is a global media and technology company specialising in content and data within sports betting, horse racing and fantasy sports. With over 400 employees, the group operates multiple award-winning brands, including Racing Post, the world’s largest horse racing affiliate, Pickswise, myracing and Free Super Tips. We partner with leading operators across the betting industry to produce and build multilingual, best-in-class digital products and content to engage and educate customers. ICS-digital, an international marketing agency including ICS-translate, also operates under the group.

Reports to:

Darren Allen - DPO 

There is an expectation of office based travel, which can vary based on location. We have offices in London and Leeds.

Job purpose:

To ensure that new and current projects protect the confidentiality, integrity and privacy of our data by leveraging risk analysis, governance, compliance, industry best practices, and global privacy knowledge.

Accountabilities:

The SGRC Analyst will:

• Act as the first point of contact and consultation for any stakeholders in the business teams launching new efforts, providing innovative thinking on the best ways to protect privacy and security, ensuring governance and compliance and mitigating risks during the planning, researching, and designing phases. 
• Review global privacy standards and give guidance to maintain compliance for a widening base of international products and ensure best practices are captured and followed.
• Document processes/workflows to identify gaps and provide process enhancement recommendations
• Review and understand existing agreements, contractual arrangements and standards to identify and remediate challenges.
• Perform periodic gap assessments to validate governance & compliance on an ongoing basis.
• Perform annual reviews and support internal and external audit process for relevant compliance and assurance concerns.
• Partner with the production, development and other teams to ensure they make the right decisions when handling data, including customer data.
• Support vendor due-diligence process and help to lead and define overall third party risk management efforts.
• Perform business impact analysis and assist with development and management of the risk register.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
• Represent privacy function when DPO is unavailable.
• Assist DPO with onboarding of new starters with GDPR induction.

Key relationships:

• Security Director
• DPO
• People & Development Team
• Marketing Team
• Commercial/Business Teams
• Engineering

Skills and attributes:

Essential

• Experience in Cyber Security, Privacy, Governance Risk, & Compliance  is preferred; however, any combination of experience, education, or certification that demonstrates the candidate can be successful in information security and/or IT risk management with a focus on security, governance, risk and compliance.
• Critical thinking, synthesis, analytical skills, and superb reading comprehension.
• Excellent organisational, communication and presentation skills; as well as business acumen and a commercial outlook.
• The ability to multitask in a fast-paced environment.
• The ability to grasp concepts quickly, make sound decisions and resolve issues completely.
• Knowledge of compliance, governance & risk assessment frameworks/processes
• Proficiency in data manipulation and analysing large amounts of data from multiple data sources

Desirable

• Strong experience in Information Security, Governance, Risk & Compliance
• Previous experience in GDPR and Global Privacy
• Relevant industry certifications

We offer a range of well-being initiatives, including private medical insurance, excellent parental leave, a working globally policy, mental health support, assistance programs, and social gatherings. We also provide a pension scheme and various other benefit schemes. Plus, we all get our birthdays off work and enjoy 25 days of holiday per year.

We’ve also got you covered with life assurance and exclusive perks like the Star card and our Step Further Awards (our employee recognition program) to recognise your dedication. For those working via the hybrid model (in the office and at home) we’ve made commuting easier with our Season Ticket Loan and Cycle to Work Scheme.

You can also take advantage of complimentary access to our Racing Post Members Club, complete with an Ultimate Membership. We believe in making a positive impact beyond the workplace, and you'll have the chance to volunteer two days per year with our charity partner, Autism in Racing.