Director of Cyber Governance, Risk and Compliance

Role Purpose

The Director of Cyber Governance, Risk and Compliance (GRC) is a senior leadership role reporting to the Global CISO, responsible for developing, implementing, and overseeing comprehensive cybersecurity governance, risk management, and compliance programs across Flutter. This position requires strategic thinking, deep technical expertise, and the ability to translate complex cyber risks into business language for executive leadership and stakeholders. The role will be critical in completing our transition across Futter Group to the NIST CSF 2.0 industry standard, working with all levels of the organization to quantify, measure and manage risk and cyber maturity across Flutter brands.

Accountabilities & Responsibilities

Strategic Leadership & Governance

• Lead a team of security GRC professionals, driving a culture of continuous improvement, data-driven measurement and reporting, and proactive risk management
• Establish and maintain cybersecurity governance structures, policies, and procedures that set the boundaries and parameters for Flutter’s cyber control environment
• Provide strategic guidance to executive leadership on cyber risk posture and investment priorities based on data-led controls assurance

Risk Management

• Design and oversee enterprise cyber risk assessment methodologies and frameworks
• Develop, curate and maintain risk appetite statements and tolerance thresholds in collaboration with Flutter brands
• Manage global third-party risk assessment service to oversee cybersecurity supply-chain risks for the group
• Support brands in their risk management and controls assurance activities as required

Controls Assurance and GRC Engineering

• Lead a team of controls assurance analysts in collating and maintaining a continuous view of our cyber control health throughout the group
• Lead a team of GRC Engineers tasked with creative problem-solving including continuous controls monitoring and independent assurance
• Drive the use of AI in the cyber GRC space to reduce the burden of assurance across the Group

Stakeholder Management

• Engage with internal and external stakeholders, including senior leadership, to provide strategic insights and influence decision-making around security matters
• Represent the organization in discussions with regulators, auditors, and third-party vendors regarding security posture
• Prepare materials for the board and support the Global CISO and Director of Transformation & Operations with any board-related matters & regulatory requests
• Influence and work with brand-based colleagues to achieve collective objectives and drive best practice across Cyber GRC
• Build and maintain effective relationships with other compliance functions including Group Risk, Group Legal, Group Data Protection, Group Internal Audit and their divisional counterparts

Skills & Capabilities

Cybersecurity Expertise:

• Deep understanding of cybersecurity frameworks (NIST CSF, ISO 27001, CIS, SANS, COBIT)
• Understanding and knowledge of modern Cyber GRC practices

Leadership & People Management:

• Proven experience leading and mentoring cross-functional teams, with a focus on fostering a culture of security excellence.
• Strong influencing and communication skills, able to effectively interact with senior executives and technical teams alike.

Risk Management:

• Expertise in identifying, assessing, and mitigating cybersecurity risks across digital platforms.
• Ability to prioritize security initiatives based on business impact and risk appetite.
• Knowledge and understanding of commercial, regulatory and more general business risks

Problem-Solving & Analytical Thinking:

• Strong analytical skills with the ability to quickly identify and solve complex security GRC challenges.
• Ability to think strategically and leverage data and information to support decision-making

Project Management:

• Skilled in managing complex projects, with a focus on security initiatives.
• Ability to oversee multiple projects simultaneously, ensuring timely delivery and alignment with business objectives.

Qualifications & Experience

• Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
• Relevant certifications (e.g., CISSP, CISM, CISA, AWS Certified Security – Specialty, or similar) are highly desirable.
• Minimum of 10 years of experience in cybersecurity, with at least 5 years in a leadership role
• Extensive experience in leading security strategy, risk management, controls assurance and other GRC related competencies
• Proven track record in working with senior leadership and external stakeholders to influence security outcomes.
• Familiarity with the gambling or financial services industry is a plus, but not required.