
Head of IS Security, Betting Jobs


Head of IS Security.

One of the best-known gaming companies now has a requirement to hire a Head of IS Security. The role of Head of IS Security is to enable the company's on-line function to manage its security effectively by providing strategic direction, functional leadership and oversight.

Security and Risk Strategy, Policies and Procedures

•Ensure adherence to any / all applicable legislation as well as the company's Online IS Security policy and principles, including Gaming Commission and PCI-DSS.

•Direct the development and communication of the company's Online strategic direction for security.

•Set the Information, Security and Risk Policy and supporting guidelines to meet legal, regulatory and business needs

•Direct an effective research programme to ensure the company's Online department is kept abreast of technology, business and regulatory developments to the benefit of the company

•Develop, own and police compliance to the Security policies (including applications, data, hardware and networks)

•Ensure the alignment / integration of security management with business strategies and requirements

•Ensure the alignment of security with the overall group.

Security Management

•Manage threat assessment and security control reviews, business risk assessments, and reviews that follow significant breaches of security controls

•Establish and manage an incident response service to contain, investigate and prevent future breaches

•Ensure adherence to all company On-line policies and guidance as defined including legislative (such as data protection and software copyright law) or regulatory requirements (such as Gambling Commission) and commercial obligations (such as PCI DSS)

•Lead awareness and training initiatives relating to security throughout the department

•Ensure the integrity of systems through provision of appropriate services (e.g. penetration testing)

•Ensure the availability of services through provision of appropriate controls, monitors and response with respect to, for example, intrusion detection and denial of service attacks

•Ensure that on a daily basis systems are monitored for any anomalous activity

•Maintain awareness of new security technologies, legislation and standards and be aware of new risks and vulnerabilities

•Lead the resolution of Internal Audit actions

Operational Budgeting and Reporting

•Understand the budgeting and cost elements of the security framework and the detailed breakdown of components;

•Develop a quarterly forecast as required to ensure future requirements are catered for.

People Management, Team Leadership and Development

•Create team spirit and ensure morale is maintained at high levels through effective communication

•Ensure that the team / individuals all have a clear understanding of roles and responsibilities as well as an understanding of the wider business priorities and how their activities fit into the wider business goals

•Ensure that resources are managed to ensure optimal utilisation.

Performance criteria

•Policy and standards are in place for all platforms where risk levels are high or distributed administration is prevalent

•Mechanisms are in place for identifying security failures

•Security review and approval is a standard part of the Project Framework

•Objectives and targets for security management are set, recorded and reviewed on a regular basis

•Reports and notifications of security incidents / control are circulated on a regular basis

•SLAs and OLAs are monitored and the company's Online IS Senior Management receive regular reports on the effectiveness and status of provided services

Qualifications, skills & experience


•Exceptional experience in the eCommerce security sphere is required – likely an acknowledged leader in the field.

•A strong customer focus, recognising internal and external customers, establishing effective relationships. Aware how the external market affects the business and service

•Strong communication (verbal/written) and influencing skills, with an ability to manage internal and external relationships up to senior levels of management

•Effective team building skills to encourage a positive team environment

•Proven track record and ability in leading technical staff, using wide-ranging skills (including planning, organising and interpersonal skills)

•Likely to have gained significant practical experience in IS, IS Security or equivalent areas including some years at a Senior Security or Risk Analyst level (or equivalent)

•A strong technical knowledge and appreciation of IS / IS Security principles including regulatory, legislative and industry practices gained through practical experience and/or professional qualification(s)

•Proven track record in analysing complex technical situations, articulating technical security issues and associated risks, making recommendations, influencing outcomes, decision making and ensuring successful delivery

•A technical knowledge and working application of most computer, database, applications, Internet and network and communication technologies employed across the company, in sufficient depth and breadth to be able to deliver the services (as detailed in the principal accountabilities section 4.) for multiple and complex environments / projects

•Direct experience of the ITIL Information Security Process and IS 270001


•Security certifications – CISSP, CISA, CISM, GIAC

•Technical certifications – CCSP, CCSA, CCSE, CEH

•ITIL certification or experience of working within an ITIL oriented organisation.

•Security project management experience.

•Good knowledge of server and desktop systems

•Holds a degree in an IT discipline

If this sounds like a position you would be interested in then please do not hesitate to apply directly. Alternatively feel free to contact [email protected] to arrange a confidential conversation.