About the role
The Security & Resilience Manager is responsible for the National Lottery's security and resilience (business continuity management) frameworks. The focus of the role is to ensure that appropriate plans, policies, processes and systems are in place to minimise the risk of security or resilience issues. This will be achieved by defining security and resilience policies, ensuring they are reflected in systems and processes and performing assurance on adherence to these policies both internally and externally.
The objective of the role is to ensure the National Lottery operates and maintains a modern, comprehensive security environment, which preserves and enhances the integrity of the National Lottery, its products, systems, premises and people, and ensures business continuity.
The role is responsible for maintaining certification to the World Lottery Association Security Control Standard (which includes ISO, complying with any industry required standards (e.g. PCI-DSS) and aligning the resilience programme with ISO It will work closely with the IT team to agree and deliver the security and resilience frameworks.
What you will do
The duties and responsibilities of this role include, and are not limited to, the following:
1. Lead the Business Assurance Security team and provide ongoing leadership and motivation to a high functioning, engaged and effective team.
2. Responsible for maintaining suitability of, and operationalisation of, PLIs security framework ensuring all underlying requirements (WLA Security Control Standards, including ISO27001) are in place.
3. Advise on and support definition and documentation of security policies and related key processes (e.g. security incident response) aligning to PLIs security framework, working with IT, DPO and other key stakeholders to ensure they are fit for purpose.
4. Deliver holistic security oversight across all levels of the security governance structure from operational councils through to Executive Team oversight and assurance.
5. Lead on relevant security certification audits (WLA Security Control Standard, ISO 27001, industry required standards e.g. PCI-DSS) and delivery of required annual certification, including tracking and resolution of any findings and remediation in agreed timelines.
6. Define & deliver annual security assurance program on internal and external key security processes and systems and ensure any non-compliance or other issues are tracked and resolved.
7. Responsible for Business Continuity Management Framework and Plan, aligning with ISO 22301, including delivery of regular business continuity testing with issue & improvement tracking and resolution.
8. Coordinate the investigation and resolution of information security incidents, in line with the documented security incident management process, and manage retail security incident triage, resolution, tracking and reporting.
9. Manage fraud monitoring and investigation processes and activities, including prioritisation, tracking, and reporting, internally to Fraud Council and Security Governance Committee, and externally to regulator.
10. Define & deliver an annual training and awareness program ensuring all staff are aware of relevant security and business continuity policies and processes.
11. Lead the delivery of regular security risk assessments working with IT and other key stakeholders to ensure security risks are known, quantified, and managed appropriately and in line with PLIs Enterprise Risk Framework.
12. Review business requirements and solution designs to ensure security and resilience requirements are identified and implemented.
13. Deliver holistic security oversight across all levels of the security governance structure from operational councils through to Executive Team oversight and assurance.
14. Any other ad-hoc duties that may be assigned from time to time.
What we are looking for
Qualifications:
15. A recognised qualification in relevant discipline.
16. 7+ years relevant work experience.
17. A formal security qualification (e.g. CISSP or CISM) would be beneficial.
Experience:
18. Previous exposure to working as a team lead and developing others.
19. Strong stakeholder management and collaboration
20. A thorough knowledge of security procedures and systems.
21. Extensive knowledge of ISO 27001 or other security standards.
22. An understanding of the lottery or gaming business and risk management.
23. Strong understanding of IT architecture, Networks, Security Solutions and Risk Analysis.
Why you will love working here
Work-life balance: Hybrid working model, Full range of leave entitlements, Career Breaks and Secondments
Physical Wellbeing: Discounted gym membership, Eyesight tests, Flu Vaccinations, Paid sick benefit, wellbeing initiatives
Financial Wellbeing: Competitive salary, Defined contribution pension, Income protection 1:1 financial advice.
Learning & Development: We promote a culture where you can continuously develop on a personal and professional basis. These include access to 24/7 resources such as: In-House Training Programme, Go1 Learning Content, Irish Management Institute, The Executive Institute
Read more about our benefits here