Job Description

Head of SOX IT General Controls and Technology GRC - Flutter Functions, HybridLead Cyber Security Manager (I)

About Betfair Romania Development​

Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting,immersiveand safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, weoperateour own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars,SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming

Our Values

The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with ourvalues and are committed to making a difference.

Win together | Raise the bar | Got your back | Own it | Positive impact

AboutFlutterFunctions

The FlutterFunctionsdivisionisakeycomponent of Flutter Entertainment,responsibleforprovidingessentialsupportandservicesacrosstheorganization Thedivisionencompassesvariouscorporatefunctions,includingfinance, legal,humanresources,technology,andmore,ensuringseamlessoperationsandstrategicalignmentthroughoutthe company.

We are seeking a highly skilled and expert Head of SOX ITGC and Technology GRC to join the Flutter Functions Cybersecurity team within Flutter Functions Technology Operations department. As an NYSE-listed company, maintaining good practices and posture relative to our IT General Controls is vital to our continued compliance with SOX and coordinating our cyber control health via our NIST CSF 2.0 framework.

The Head of SOX IT General Controls (ITGC) and Technology Governance, Risk & Compliance (GRC) is responsible for leading and continuously improving Flutter Functions’ IT control environment, with primary accountability for Sarbanes-Oxley (SOX) IT compliance and broader technology risk governance.

This role leads the build, efficiency automation and oversight of our SOX ITGC and Technology GRC risks and controls across a modern and sophisticated platform leveraging multiple cloud environments and third-party providers.

This role will partner closely with Finance, Internal Audit, External Audit, Global Cyber GRC, Enterprise Risk, Insurance and all technology leaders to ensure audit readiness, control effectiveness, and enterprise risk clarity at the Board level. The leader will own and drive reporting across all our controls and lead engagement with Group CIO, ensuring prioritized focus on all things risk and compliance.

The right candidate will be a credible leader with 15+ years’ experience in the SOX / Technology risk and controls space. You should be comfortable reporting to C-Suite and possess an ability to drive collaboration and support across the wider technology community

Key Accountabilities & Responsibilities

SOX IT General Controls Leadership

• Lead and oversee the annual SOX scoping, risk assessments, walkthroughs, testing coordination, and deficiency evaluations effort across in-scope SOX systems and controls in Flutter Functions
• Lead the relationship with Finance (Internal Controls Testing and Assurance teams) and external auditors. Provide challenge and leadership for scoping, testing and remediation review
• Drive education and accountability with the control owner community on the execution and evidencing of relevant IT General Controls
• Oversee remediation of control gaps and ensure timely resolution of audit findings. Drive clarity on remediation position with all relevant partners
• Serve as primary liaison with Internal and External Auditors for ITGC matters.
• Partner with colleagues in Strategy and Enterprise Architecture to ensure we design and build systems to optimise for SOX and our NIST CSF 2.0 cybersecurity framework

Technology Governance & Risk Management

• Oversee the development and implementation of the Flutter Functions cyber and technology risk management strategy aligned with the Global Cyber Risk Management Framework and Enterprise Risk Management Framework

• Lead a team of GRC professional to drive innovative and accurate ways of maintaining a continuous view of our cyber control environment
• Drive advanced approaches to resolving risk and controls posture leveraging AI and modern toolsets
• Reduce manual controls and audit burden through system-based controls.
• Develop risk assessment methodologies for new systems, transformations, and cloud migrations.
• Present IT risk posture, control metrics, and audit results to executive leadership and the Audit Committee.

Stakeholder Management

• Engage with internal and external stakeholders, including senior leadership, to provide strategic insights and influence decision-making around all things SOX ITGC and Tech GRC.
• Represent the organization in discussions with regulators, auditors, and third-party vendors as required
• Prepare materials for the Board and support the Group Director of Technology Operations with any board-related matters & regulatory requests.
• Influence and work with brand-based colleagues to achieve collective objectives and drive best practice across Cyber GRC.
• Build and maintain effective collaborations compliance functions including Group Risk, Group Legal, Group Data Protection, Group Internal Audit and their divisional counterparts

Team Leadership & Engagement

• Build, mentor, and lead a high-performing IT GRC and SOX compliance team.
• Develop a culture of accountability, risk awareness, and operational excellence.
• Influence cross-functional stakeholders at senior and executive levels.

Skills, Capabilities & Experience Required

Leadership & People Management:

• Shown experience leading and mentoring cross-functional teams, with a focus on fostering a culture of compliance and accountability
• Strong influencing and communication skills, able to effectively interact with senior executives and technical teams alike.

GRC Expertise:

• Demonstrative experience of SOX as a control framework and how controls need to be built and positioned to operate in a SOX environment
• Extensive experience in cyber and technology risk management in a senior strategic leadership position

Risk Management:

• Expertise in identifying, assessing, and mitigating cybersecurity risks across digital platforms.
• Ability to prioritize security initiatives based on business impact and risk appetite.

Problem-Solving & Analytical Thinking:

• Strong analytical skills with the ability to quickly identify and solve complex security challenges.
• Strategic thinking in relation to process and control design in how they help rather than hinder the business

Project Management:

• Skilled in handling complex projects, with a focus on security initiatives.
• Ability to supervise multiple projects simultaneously, ensuring timely delivery and alignment with business objectives.
• Bachelor’s or Masters degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Relevant certifications (e.g., CISSP, CISM, CISA, AWS Certified Security – Specialty, or similar) are highly desirable.
• Proven experience in cybersecurity, with at least 5 years in a leadership role leading platforms and services security in a large, global organization.
• Strong demonstrable expertise in SOX and other relevant cybersecurity and technology risk frameworks (NIST CSF, ISO 27001, COBIT)
• Consistent record in working with senior leadership and external stakeholders to influence security outcomes.
• Familiarity with the gambling or financial services industry is a plus, but not required.

Benefits:

• Hybrid & remote working options

• €1,000 per year for self-development

• Companysharescheme

• 25 days of annual leave per year

• 20 days per year to work abroad

• 5 personal days/year

• Flexible benefits: travel, sports, hobbies

• Extended health, dental and travel insurances

• Customized well-being programmes

• Career growth sessions

• Thousands of online courses through Udemy

• A variety of engaging office events

Disclaimer:

We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communitieswe’repart of. Youdon'thave to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, andwe’llsee how we can accommodate them.

We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.

Bysubmittingyour application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we willretainyour details for a period no longer than threeyears, to consider you for prospective roles within the company.