The main responsibility of this role is Information Security Risk, ISMS and Compliance: assisting the Director of Information Security and working in a team to safeguard all of the organization’s information assets. You will be involved in the development, implementation and management of an Information Security Management System (ISMS) that follows the ISO 27001 standard and meets SOC 2 requirements. You will design and implement various security controls that will improve the Confidentiality, Integrity and Availability of information assets. You will work closely with our Legal & Compliance teams, Business Operations, IT operations, Software developers, Human Resources and other internal and external stakeholders and third parties to continuously improve the organization’s security posture.
Duties and responsibilities (including, but not limited to):
- Work with the Director of Information Security and other members of the Information security team in managing Information Security Risks across all business units
- Support the Global Information Security department in developing, implementing, certifying and maintaining an Information Security Management System (ISMS) aligned to the ISO27001 standard and SOC 2 requirements.
- Manage all internal and external audit findings and ensure their remediation on an agreed schedule with the respective stakeholders.
- Escalate risks and issues relating to the management and operation of the ISMS to the Director of Information Security and VP of Global Information Security.
- Ensure that the ISMS is properly documented, measurable and effectively communicated to the entire organisation.
- Work with the other Compliance teams within the organisation to maintain regulatory compliance with various gaming and government regulations
- Drive and continuously improve the Information Security awareness and training program.
- Audit & Reviews: Perform various forms of audits and reviews (e.g. user rights audits, firewall rules review, process compliance, vulnerability scans, pentests, etc.) and support the internal audit programme.
- Monitor the organization’s security infrastructure for security breaches, intrusions and indicators of compromise (IOCs).
- Investigate security breaches where breaches are known or suspected to have occurred and participate in incident response activities to minimize the impact.
- Responsibilities may require working outside normal working hours in response to the needs of the systems being supported.
- May be required to travel on official assignments when necessary.
- Follow work assignments given by the Director of Information Security, VP of Global Information Security or the Management.
Requirements for Information Security Specialist Position:
- Minimum of 3 years' experience in various domains of Information Security.
- Implementing various Information Security and compliance frameworks, e.g. ISO 27001/27002, GDPR, NIST, SOX 404, PCI DSS, SOC-2, etc.
- Carrying out risk assessments and treatment with controls selection / implementation in an ISO27001 and SOC 2 environment.
- Providing guidance on best practices and compliance requirements in implementing security in systems, networks and software development environments.
- Communicating security standards, policies and best practices to all relevant stakeholders within the organisation.
- Proposing and implementing security-related enhancements and best practices.
- Developing and maintaining security documentation (policies, procedures and guidelines)
- Language skills: excellent spoken and written English.
- Personal characteristics: organised and able to bend over backwards to achieve results, good interpersonal skills, oriented to achievements, strategic and analytical thinking, able to take initiative and handle stress, good at problem solving and multitasking. Ability to convey information to non-technical colleagues in a concise and clear way and commitment to continuous personal and professional development.
GAN is committed to building a diverse workforce. As an equal opportunity employer, we believe merit is everything and we consider qualified candidates without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, political views or activity, or other applicable legally protected characteristics. If you’re a qualified candidate with a disability or long term condition, and need a reasonable accommodation to apply for this position, please contact firstname.lastname@example.org.
GAN operates in a highly regulated environment, and candidates may be required to obtain a gaming license in one or more U.S. states or jurisdictions where GAN conducts business, which includes (but may not be limited to) an application requesting personal data, a criminal and credit check, and fingerprints. GAN will cover all costs and provide access to an Identity Protection program.