Senior Manager Security GRC

The Team

OpenBet is a global leader in betting and gaming entertainment, trusted by over 200 partners to create memorable winning moments for millions of players worldwide. From processing bets during iconic events like the FIFA World Cup and Super Bowl to pioneering next-gen products like Bet Builder, we continuously redefine the player experience with high-quality content, cutting-edge technology, and advanced player protection tools.

For over 25 years, our unbeatable platform has powered the most recognizable betting brands, ensuring peak performance with 100% uptime, unmatched scale, and speed. With 85 licenses, 20 World Lottery Association operators on our customer roster, and a team of 1,200+ experts across 14 countries, we remain at the heart of the industry. Join OpenBet to take your career to the next level and be part of a global innovative team shaping the future of betting entertainment for millions worldwide.

The Goal

OpenBet is seeking a GRC Senior Security Manager to strengthen its growing Cyber Security team. This position requires a seasoned security professional with a proven track record in GRC leadership and team management. Reporting directly to the Global Cyber Security Director, you will be Managing OpenBet’s GRC team, driving governance, risk and compliance ensuring the organization’s cyber resilience.

The Cyber Governance, Risk & Compliance (GRC) Senior Security Manager is a senior leadership role within the Cyber Security job family. This position is suited for a proven security professional with strong experience leading governance teams and shaping security governance and operational strategy. The Senior Manager will lead the performance of the GRC function, ensuring alignment with organizational security strategy, regulatory obligations, and operational excellence.

This leader will drive security governance frameworks, manage risk, ensure compliance, and support the effective operation of the broader security organization, acting as a strategic partner across business and technology domains.

The GRC Senior Security Manager will be responsible for:

• Leading the GRC team and ensuring its success.
• Ensuring the design, implementation, and continuous improvement of security governance frameworks, policies, standards, and controls.
• Overseing risk management processes including identification, assessment, mitigation, and reporting of security and technology risks.
• Ensuring maintenance of certifications and audit reports
• Support cross-functional compliance initiatives, external audits, certifications, and regulatory assessments.
• Ensure that engineering best practices—including secure development, incident management, CI principles, and fast feedback loops—are embedded across teams.

What you’ll be doing

The employee holding this position is expected to:

• Report to the Global Cyber Security Director and collaborate closely with other technical and nontechnical teams to successfully deliver projects from a cyber secuirity grc perspective.
• Lead and mentor a team of cybersecurity GRC professionals, fostering a culture of excellence and continuous improvement.
• Deliver team and personal KPIs, ensuring operational performance aligns with company targets.
• Lead the implementation, maintenance, and continual improvement of ISO-based management systems, including but not limited to ISO 27001, ISO 27017, ISO 27018 and additional ISO & various certifications where applicable
• Lead end-to-end lifecycle of internal and external ISO audits, including planning, evidence collection, gap analysis, corrective actions, and audit readiness.
• Oversee SOC 1 and SOC 2 audit & reporting requirements, ensuring controls are designed, implemented, tested, and documented consistently to meet Type I and Type II expectations.
• Actively participate in a 'Follow-the-Sun' operational model, occasionally shifting working hours to align with international clients, cross-border stakeholders, and regional regulatory timelines.
• Manage cross‑functional coordination with auditors, owners of controls, engineering teams, and operations to ensure timely and accurate audit responses.
• Lead preparation and submission activities for WLA (World Lottery Association) Security Control Standards audits, ensuring alignment with WLA‑SCS requirements and maintaining certification readiness.
• Ensure outputs from all audits (ISO, SOC, WLA) feed into continuous improvement cycles, security risk registers, and executive reporting.
• Maintain audit schedules, external assessor relationships, frameworks documentation, and compliance reporting dashboards.
• Support customer discussions around security posture, compliance certifications, SOC reports, audit outcomes, and risk assurance.
• Lead the enterprise-wide Cyber Risk Management Framework, ensuring it is consistently applied across business units and technology domains.
• Lead all phases of risk management, including identification, assessment, scoring, mitigation planning, tracking, and reporting.
• Oversee risk quantification where applicable (e.g., FAIR-based methods) to translate technical risks into business impact.
• Ensure risks are tied to business processes, product lines, service availability, and customer obligations.
• Maintain and continuously mature the corporate Risk Register, ensuring timely updates, clear ownership, and executive‑level reporting.
• Establish and monitor Key Risk Indicators (KRIs) and metrics that provide meaningful insights into security posture.
• Ensure systematic control testing, maturity assessments, and assurance activities are executed across the organization.
• Drive cross-functional risk treatment plans, ensuring progress, accountability, and risk reduction aligned with strategic priorities.
• Provide expert guidance to product, engineering, and operations teams on emerging risks, threat exposure, and policy gaps.
• Drive the Cyber Security Third‑Party Risk Management (TPRM) and Vendor Security Assurance program end-to-end.
• Lead the evaluation of third‑party suppliers, cloud providers, hosting partners, and managed services using cyber risk‑based methodologies.
• Ensure ongoing security assessments are performed for all critical vendors, including security questionnaires, evidence reviews, and control testing.
• Ensure security requirements are incorporated into contractual agreements
• Collaborate with Legal, Procurement, and Finance to align contractual, compliance, and commercial terms with security expectations.
• Manage security aspects of exit and transition plans for vendor offboarding, ensuring data protection and service continuity.
• Provide customer‑facing assurance regarding supplier security controls and dependencies.
• Maintain strong day-to-day operational oversight of the GRC team.
• (Optional) Possess knowledge of the sports betting market and processes, considered a plus.

The Player

• Bachelor’s degree in Computer Science, Information Security - Cybersecurity, or related field (required).
• Master’s degree in Cybersecurity or related discipline (preferred).
• Minimum 8-10 years in cybersecurity, with at least 3-4 years in a leadership role.
• Preferred Security Certifications:
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Security Auditor)
• CCSP (Certified Cloud Security Professional)
• ISO 27001| Lead implementer / Lead Auditor
• ISO 27017 | Lead implementer / Lead Auditor
• ISO 27018 | Lead implementer / Lead Auditor
• Strong project management skills with excellent stakeholder communication and ability to operate in a global, fast-paced environment with multiple priorities.
• Advanced analytical and decision-making capabilities under pressure.
• Deep understanding of security governance, audit, risk and compliance models.
• Hands-on experience with security governance frameworks & certifications including implementation and audit.
• Knowledge of cybersecurity frameworks and regulations applicable to the sports betting industry (e.g. GLI-33, WLA, ISO 27001, SOC Type 2 etc.)
• Ability to support cyber resilience in high-performing, high-availability environments.
• Customer-focused mindset with commitment to improving customer experience.
• Proficient in English (written and spoken).

What’s the Score?

Why OpenBet?

• The Playground: Join a team of innovators, disruptors, and game-changers who are reshaping the future of betting and gaming.
• The Mission: Be part of a mission-driven organization that's committed to revolutionizing the way the world plays.
• The Impact: Make a real impact on the world stage, leaving a lasting legacy that transcends boundaries and inspires generations to come.
• The Culture: Immerse yourself in a culture of creativity, collaboration, and curiosity, where every idea is welcomed, every voice is heard, and every dream is encouraged.
• The Future: Join us on the journey to build the future of betting and gaming, one game-changing innovation at a time.