Third Party Risk Manager
We are considering applicants in Leeds.
Style of work – Hybrid 2 days per week.
Who are we?
Flutter Entertainment is the world’s leading online sports betting and gaming company with a market capitalization of c. $37bn operating some of the most innovative, diverse and distinctive brands in the sector. A constituent of both the London FTSE 100 and New York Stock Exchange, Flutter brings entertainment to life for over 20 million customers in a safe, responsible and sustainable way. Operating in 20+ regulated markets, through our Positive Impact Plan, we are committed to making a positive contribution for our customers, colleagues, communities and the planet.
Your new role will involve
- Driving the rollout of the Flutter Cyber Security Third Party Supplier Assurance program across the group.
- Defining and embedding the operating model of the Cyber Security Third Party Risk program including processes for new supplier security risk assessment, existing supplier security risk assessment, and termination activities.
- Ensuring risks relevant to the Flutter group are identified in line with the overall Flutter risk appetite.
- Working with divisions to define the approach to the management of third-party risk using established risk management processes.
- Collaborating with Senior Managers within TPR – Technical Operational Compliance to ensure technical assessment processes and remediation tracking are driving continuous improvements.
- Working with procurement and legal teams to ensure security contract clauses reflect group requirements.
- Defining the high-level requirements for regular governance activities to ensure third parties are managed appropriately.
- Ensuring data required for other risk reporting functions is accurately delivered on time.
- Designing relevant metrics and KPIs for the Cyber Security Third Party Risk program.
- Proactively managing the development of team members to ensure a highly productive and proficient team.
- Participating in governance and oversight forums/committees as required.
- Building and maintaining relationships with key stakeholders across the group.
Key Skills
- An experienced information security governance, risk & compliance professional with a deep understanding of third-party cyber security risk.
- Experience of supplier contract negotiations, security controls, industry standard security processes (ISO27001), and personal data regulations (e.g. GDPR).
- Experience performing risk assessments of the supply chain and articulating the risk.
- Results-oriented with the ability to influence outcomes with pragmatic recommendations.
- A working knowledge of current IT Security standards such as ISO 27001, PCI, NIST, ISF, UKGC, and Data Protection.
- Inquisitive, disciplined, and logical thinker with strong investigative and analytical qualities.
- Excellent verbal and written communication skills with a flexible attitude.
- Able to adapt communication style and appreciate different perspectives.
- Ability to multi-task and strong relationship building skills.
Benefits
- Uncapped Holiday Allowance.
- Enhanced Pension Scheme.
- Bonus Scheme.
- Life Assurance.
- Income protection.
- Private healthcare (with option to add dependents).
- £/₤1,000 annual self-development learning fund & access to thousands of Udemy courses.
- Invest via the Company Share Save Scheme, Discount vouchers, Volunteering days.
- Enhanced Parental Leave Policy and paid time off for appointments.
- Reward portal e.g. electric car scheme, gym membership discounts.
- On-site Gym, Canteen and Gaming area.
At Flutter we’re working to be an inclusive employer, and we encourage people from all backgrounds to apply. If you need any adjustments to make this role work for you let us know, and we’ll see how we can accommodate them.