Role PurposeThe Director of Cyber Governance, Risk and Compliance (GRC) is a senior leadership role reporting to the Global CISO, responsible for developing, implementing, and overseeing comprehensive cybersecurity governance, risk management, and compliance programs across Flutter. This position requires strategic thinking, deep technical expertise, and the ability to translate complex cyber risks into business language for executive leadership and stakeholders. The role will be critical in completing our transition across Futter Group to the NIST CSF 2.0 industry standard, working with all levels of the organization to quantify, measure and manage risk and cyber maturity across Flutter brands.Accountabilities & ResponsibilitiesStrategic Leadership & GovernanceLead a team of security GRC professionals, driving a culture of continuous improvement, data-driven measurement and reporting, and proactive risk managementEstablish and maintain cybersecurity governance structures, policies, and procedures that set the boundaries and parameters for Flutter's cyber control environmentProvide strategic guidance to executive leadership on cyber risk posture and investment priorities based on data-led controls assuranceRisk ManagementDesign and oversee enterprise cyber risk assessment methodologies and frameworksDevelop, curate and maintain risk appetite statements and tolerance thresholds in collaboration with Flutter brandsManage global third-party risk assessment service to oversee cybersecurity supply-chain risks for the groupSupport brands in their risk management and controls assurance activities as requiredControls Assurance and GRC EngineeringLead a team of controls assurance analysts in collating and maintaining a continuous view of our cyber control health throughout the groupLead a team of GRC Engineers tasked with creative problem-solving including continuous controls monitoring and independent assuranceDrive the use of AI in the cyber GRC space to reduce the burden of assurance across the GroupStakeholder ManagementEngage with internal and external stakeholders, including senior leadership, to provide strategic insights and influence decision-making around security mattersRepresent the organization in discussions with regulators, auditors, and third-party vendors regarding security posturePrepare materials for the board and support the Global CISO and Director of Transformation & Operations with any board-related matters & regulatory requestsInfluence and work with brand-based colleagues to achieve collective objectives and drive best practice across Cyber GRCBuild and maintain effective relationships with other compliance functions including Group Risk, Group Legal, Group Data Protection, Group Internal Audit and their divisional counterpartsSkills & CapabilitiesCybersecurity Expertise:Deep understanding of cybersecurity frameworks (NIST CSF, ISO 27001, CIS, SANS, COBIT)Understanding and knowledge of modern Cyber GRC practicesLeadership & People ManagementProven experience leading and mentoring cross-functional teams, with a focus on fostering a culture of security excellence.Strong influencing and communication skills, able to effectively interact with senior executives and technical teams alike.Risk ManagementExpertise in identifying, assessing, and mitigating cybersecurity risks across digital platforms.Ability to prioritize security initiatives based on business impact and risk appetite.Knowledge and understanding of commercial, regulatory and more general business risksProblem-Solving & Analytical ThinkingStrong analytical skills with the ability to quickly identify and solve complex security GRC challenges.Ability to think strategically and leverage data and information to support decision-makingProject ManagementSkilled in managing complex projects, with a focus on security initiatives.Ability to oversee multiple projects simultaneously, ensuring timely delivery and alignment with business objectives.Qualifications & ExperienceBachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or a related fieldRelevant certifications (e.g., CISSP, CISM, CISA, AWS Certified Security – Specialty, or similar) are highly desirable.Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership roleExtensive experience in leading security strategy, risk management, controls assurance and other GRC related competenciesProven track record in working with senior leadership and external stakeholders to influence security outcomes.Familiarity with the gambling or financial services industry is a plus, but not required.What's In It For YouWe are a flexible employer; whether you have personal commitments or a hobby that brings you joy, we want you to bring your best self to work and feel empowered to do so. We also like to share our success; after all you make it happen. We have an excellent benefits package that can be personalised to you:Bonus schemeUncapped holiday allowanceEnhanced pension schemePrivate healthcareLife assuranceIncome protection£1,000 annual self-development learning fundInvest via the Flutters Sharesave SchemeEnhanced parental leaveAbout FlutterWe are a world leader in online sports betting and iGaming, with a market leading position in the US and across the world.We have an unparalleled portfolio of the most innovative, diverse and distinctive brands including FanDuel, Sky Betting & Gaming, Sportsbet, PokerStars, Paddy Power, Sisal, tombola, Betfair, MaxBet, Junglee Games and Adjarabet.With our global scale and challenger attitude, through which we excite and entertain our customers, in a safe and sustainable way. Using our collective power, the Flutter Edge, we aim to disrupt the sector, learning from the past to create a better future for our customers, colleagues and communities.We're working to be an inclusive employer, and we encourage people from all backgrounds, ways of thinking and working to apply. Everyone brings different perspectives and experiences; you don't have to meet all the requirements listed to apply for this role.If you need any adjustments to make this role work for you let us know, and we'll see how we can accommodate them.