Technical Compliance and Security Analyst
Job Description
- Experience working within the iGaming industry is a big plus.
- Good working knowledge of cloud-based infrastructure, particularly AWS.
- Own the Security Schedule: Plan, coordinate, and manage all external security testing (Pen Tests, vulnerability scans & audits).
- Be the Messenger: Distribute and clearly explain external security findings to the relevant engineering teams.
- Drive Remediation: Follow up with engineering teams to ensure vulnerabilities are appropriately addressed.
- Log Maintenance: Maintain a centralized log of all security findings, remediation plans, and closed items to evidence our robust Security Development Lifecycle (SDL) and continuous improvement.
- Liaise with Key Third Parties: Be the main point of contact for our chosen external security auditors and the various regulatory bodies with which we work on all security-related matters.
- Ongoing Security Awareness: Stay up to date with regulatory changes and emerging security vulnerabilities.
- Security Champion: Champion a robust and secure approach within the organisation, ensuring our policies and procedures are reflective of this approach.
- 3+ years in a technical compliance, InfoSec, or similar role.
- Proven ownership of the entire lifecycle of security testing (from scoping to remediation validation).
- The ability to review a security assessment/audit report and translate it into a clear action plan.
- Experience managing third-party security vendors (coordinating, checking their work, managing the relationship).
- Sharp analytical skills to assess the real-world severity and impact of security findings on a high-traffic iGaming RGS.
- Experience overseeing external audits, particularly against standards such as NIST-CSF and GLI-19.
- Solid working knowledge of key security frameworks such as ISO 27001.
- Excellent, clear communication.
- Detail orientated and the ability to work autonomously and collaboratively.
- A remote and flexible working schedule.
- Generous time off varied based on the country of residence.
- Discretionary annual performance bonus
- Training and other learning & development opportunities to support you through your career progression.
- Hardware & Software allowance or work equipment is provided to make sure you have all the right tools to get the job done.
- Various well-being programmes and initiatives.
About White Hat Studios
White Hat Studios (WHS) are a part of White Hat Gaming (WHG), who were founded in 2012. WHG is an online casino technology and services company with offices in Malta, London, Gibraltar, Chicago, and Cape Town. With a global team of over 500 specialists, we deliver a market-leading iGaming platform that is secure, scalable and reliable. Our PAM is built end to end by WHG, allowing for requirement agility and flexibility.
In 2021, WHS was created via the acquisition of an EGS, brand and gaming catalogue from Blueprint Gaming, one of Europe’s biggest iCasino content providers. For the first time, leading content from Blueprint, Reel Time, Merkur and Lucksome Studios will be offered by WHS to players on the US market.
At WHG and WHS, we promote and foster a highly collaborative environment, offering complete flexibility and autonomy to our people. As we grow rapidly, we continue to maintain a start-up atmosphere where we help each other and take a holistic approach to our day-to-day responsibilities.
In Summary:
We’re looking for a Technical Compliance and Security Analyst to join our growing Technical Compliance team to help us maintain the strong technical compliance and security posture of our RGS offering, the infrastructure behind it and the people and organization that make it all happen.
Your day to day:
- Own the Security Schedule: Plan, coordinate, and manage all external security testing (Pen Tests, vulnerability scans & audits).
- Be the Messenger: Distribute and clearly explain external security findings to the relevant engineering teams.
- Drive Remediation: Follow up with engineering teams to ensure vulnerabilities are appropriately addressed.
- Log Maintenance: Maintain a centralized log of all security findings, remediation plans, and closed items to evidence our robust Security Development Lifecycle (SDL) and continuous improvement.
- Liaise with Key Third Parties: Be the main point of contact for our chosen external security auditors and the various regulatory bodies with which we work on all security-related matters.
- Ongoing Security Awareness: Stay up to date with regulatory changes and emerging security vulnerabilities.
- Security Champion: Champion a robust and secure approach within the organisation, ensuring our policies and procedures are reflective of this approach.
What we are looking for:
- 3+ years in a technical compliance, InfoSec, or similar role.
- Proven ownership of the entire lifecycle of security testing (from scoping to remediation validation).
- The ability to review a security assessment/audit report and translate it into a clear action plan.
- Experience managing third-party security vendors (coordinating, checking their work, managing the relationship).
- Sharp analytical skills to assess the real-world severity and impact of security findings on a high-traffic iGaming RGS.
- Experience overseeing external audits, particularly against standards such as NIST-CSF and GLI-19.
- Solid working knowledge of key security frameworks such as ISO 27001.
- Your communication is excellent, clear, and
- Detail orientated and the ability to work autonomously and collaboratively.
Nice to have:
- Experience working within the iGaming industry is a big plus.
- Good working knowledge of cloud-based infrastructure, particularly AWS.
How we approach things:
- Dynamic Medium-Sized Environment: We have a can-do ethos, where innovation is encouraged, and action is valued.
- Core Values at Heart: We live by Teamwork, Innovation, Trust, and Integrity in everything we do.
- Results-Oriented Focus: We prioritize getting things done while supporting each other to reach both collective and individual goals.
- Open Collaboration: Our open-door policy fosters collaboration across all levels and departments, where ideas flow freely.
- Global Team: We are truly a global team with people from various countries and cultures contributing to our success.
What we offer:
- A remote and flexible working schedule.
- Generous time off varied based on the country of residence.
- Discretionary annual performance bonus
- Training and other learning & development opportunities to support you through your career progression.
- Hardware & Software allowance or work equipment is provided to make sure you have all the right tools to get the job done.
- Various well-being programmes and initiatives.
Everything about WHS won't fit into a job ad, want to find out more about working with us? Apply to get the conversation started.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, gender, disability, religion/belief, sexual orientation, or age.
By submitting your application, you agree that we process your data in accordance with our Privacy Policy for the management of your candidature to any of the positions we offer._
