Information Security Compliance Manager

We are looking for an Information Security Compliance Manager to join our teams!

📌 Requirements

— 5+ years of experience in Information Security, GRC, or Compliance roles within regulated industries (iGaming, fintech, payments, or similar)
— Proven hands-on experience with information security frameworks and standards such as ISO/IEC 27001 and/or PCI DSS
— Practical knowledge of GLI standards and requirements applicable to iGaming platforms and gaming systems
— Strong understanding of regulatory-driven security and compliance environments
— Experience leading and managing a GRC or security compliance team (2–5 specialists), including task prioritization, performance management, and mentoring
— Proven ability to manage security audits, certifications, and interactions with external auditors, testing laboratories, and regulators
— Practical experience with risk management, policy development, and control governance
— Experience working with cloud-based environments and modern technology stacks
— Strong documentation, analytical, and stakeholder communication skills
— Ability to operate independently, take ownership, and scale compliance processes in a fast-paced, multi-jurisdiction environment

⭐ Will be a plus

— Experience working in iGaming B2C or B2B platforms
— Previous participation in AGCO/Ontario, MGA, UKGC licensing projects
— Hands-on experience with GLI-19 / GLI-33 compliance
— Experience implementing or maintaining ISO 27001 ISMS end-to-end
— Certifications: ISO 27001 Lead Implementer / Lead Auditor, CISM, CISA, CRISC, PCI ISA / PCIP
— Experience supporting SOC 2 Type II or PCI DSS assessments
— Knowledge of responsible gambling controls and player protection requirements
— Experience building documentation frameworks (Confluence, data flows, diagrams)
— Familiarity with Jira workflows for compliance, audits, and evidence tracking
— Understanding of DevSecOps and security testing practices

💭 Soft Skills

— Strong communication skills with both technical and non-technical stakeholders
— Ability to translate regulatory and legal requirements into clear technical tasks
— High level of ownership, structure, and attention to detail
— Strong analytical and documentation skills
— Ability to manage multiple concurrent audits and compliance initiatives
— Proactive problem-solving mindset and ability to challenge assumptions
— Ability to work cross-functionally with Product, Engineering, DevOps, Security, and Legal
— Resilience and ability to work in a fast-paced, high-growth environment
— Excellent English, written and spoken

📌 Responsibilities

— Own and manage information security compliance across the iGaming business, including ISO/IEC 27001, PCI DSS, and applicable GLI standards
— Define, maintain, and continuously improve the GRC framework, including security policies, risk management processes, and control governance
— Lead and coordinate information security audits, certifications, and regulatory or laboratory assessments
— Manage and develop a small Security Compliance team, ensuring effective delivery of compliance and audit activities
— Oversee third-party and vendor security compliance, including payment providers, game providers, and technology partners
— Ensure security and compliance requirements are embedded into products, platforms, and operational processes
— Oversee security incident handling from a compliance, audit, and regulatory reporting perspective