Security Risk Analyst

What are we building?

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.

Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, the new Hard Rock Digital taps a brand known the world over as the leader in gaming, entertainment, and hospitality. We’re taking that foundation of success and bringing it to the digital space — ready to join us?

What’s the position?

We are seeking experienced Cybersecurity Risk Analysts to join our security team at a leading US online gaming platform. This role is critical in protecting our cloud-based gaming infrastructure, customer data, and financial systems while ensuring compliance with gaming regulations and industry standards. The analyst role involves conducting risk assessments, developing risk management and mitigation strategies, supporting audit activities, and ensuring compliance with security policies and compliance requirements.

This role is crucial for our organization to proactively manage technology risks and maintain a strong security posture in an evolving threat landscape. The ideal candidate combines strong technical knowledge with business acumen to effectively communicate and manage risks across all organizational levels.

Key Responsibilities

Risk Assessment and Management

• Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations.

• Develop and maintain risk registers, threat models, vulnerability and threat management programs, and maintain risk treatment plans.

• Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005).

• Evaluate third-party vendor security risks and assess supply chain vulnerabilities.

Risk Mitigation and Control Implementation

• Develop and recommend risk mitigation strategies and security controls

• Collaborate with technical teams to implement security measures and monitor their effectiveness

• Track remediation efforts and verify risk reduction activities

• Create and maintain risk metrics and key risk indicators (KRIs)

Compliance and Governance

• Ensure alignment with both internal, regulatory, and industry requirements (state-specific gaming and privacy regulations, ISO27001, PCI-DSS, financial audits, etc.)

• Support internal and external audits by providing risk documentation and evidence

• Maintain security policies, procedures, and risk management frameworks

• Assist in developing and updating the organization's cybersecurity strategy

Reporting and Communication

• Prepare risk reports and dashboards for management and stakeholders

• Present risk findings and recommendations to technical and non-technical audiences

• Document risk assessment methodologies and maintain assessment artifacts

• Provide risk-based guidance for security strategy decisions

Incident Response and Business Continuity

• Participate in site reliability incident response activities, in particular post-incident reviews

• Similarly participate in security incidents for risk impact and lessons learned

• Support business continuity and disaster recovery planning

• Conduct tabletop exercises and risk scenario planning

What are we looking for?

Education

• Bachelor's degree in Computer Science, Information Security, Technology Risk Management, or related field

• Relevant certifications can substitute for formal education requirements

Experience

• 3-5 years of experience in cybersecurity, risk management, or IT audit within the tech industry

• Demonstrated experience with risk assessment methodologies and frameworks

• Knowledge of security controls and their implementation

• Experience with GRC tools

Technical Skills

• Understanding of security technology concepts (firewalls, IDS/IPS, SIEM, vulnerability discovery, CI/CP pipelines)

• Familiarity with cloud security (AWS, Azure, GCP)

• Knowledge of network protocols and security architectures

• Basic scripting abilities for automation

Certifications (Preferred)

• CRISC (Certified in Risk and Information Systems Control)

• CISA (Certified Information Systems Auditor)

• CISSP (Certified Information Systems Security Professional)

• CompTIA Security+ or CySA+

• ISO 27001 Lead Implementer/Auditor

Soft Skills

• Strong analytical and problem-solving abilities

• Excellent written and verbal communication skills

• Ability to translate technical risks into business impact

• Detail-oriented with strong organizational skills

• Ability to work independently and manage multiple projects

• Strong interpersonal skills for stakeholder management

Additional Preferred Qualifications

• Experience with specific GRC platforms (Vanta, OneTrust)

• Knowledge of emerging threats and threat intelligence

• Experience in cloud based technology organizations

• Understanding of DevSecOps and agile methodologies

• Experience in regulated industry sectors

What’s in it for you?

We offer our employees more than just competitive compensation. Our team benefits include:

• Competitive pay and benefits

• Flexible vacation allowance

• Flexible work from home or office hours

• Startup culture backed by a secure, global brand

• Opportunity help shape the future strategy of the Casino Product

Roster of Uniques

We care deeply about every interaction our customers have with us, and trust and empower our staff to own and drive their experience. Our vision for our business and customers is built on fostering a diverse and inclusive work environment where regardless of background or beliefs you feel able to be authentic and bring all your talent into play. We want to celebrate you being you (we are an equal opportunities employer)