| Location: | Hybrid Work (Johannesburg or Durban based) |
| Industry: | iGaming / Gaming Technology |
| Level: | Senior / Management Level - Information Security Management System (ISMS) Manager (5 to 8 years +) |
| Salary: | Market related increase |
| Benefits: | Hybrid working model / Pension / Annual Performance Bonus |
About the Company
Our client is a well-established international gaming technology and content provider that's been around for more than two decades, supplying licensed betting and casino operators across a wide range of regulated markets. Their products are independently tested and certified to international standards, and their reputation rests on the integrity, security and technical quality of everything they put into the market.
Operating across multiple jurisdictions, the business sits at the point where technology, product and regulation meet. As they continue to expand into newly licensed markets, security, risk and compliance have become central to how safely and credibly they can grow, which makes this a genuinely strategic function rather than a back-office one.
The environment is collaborative and standards-led, with a strong emphasis on integrity, clarity and ownership. You would have real visibility across technology, product, operations, legal and executive leadership, and the standing to set the security and governance agenda for the business.
Job Overview
We are looking for an Information Security Management System (ISMS) Manager to lead information security governance, enterprise risk management and regulatory compliance across a highly regulated iGaming environment. The role reports to the Director of Legal and Compliance and works closely with senior leadership and stakeholders across Technology, Product, Operations, Legal and Compliance.
This is a standalone leadership role rather than a team-management one. You will personally own the ISO 27001-aligned Information Security Management System, provide strategic oversight of cyber, operational and technology risk, and translate regulatory and technical requirements into practical governance frameworks that drive accountability across the business.
It will suit an experienced security and risk leader who is comfortable being the authoritative voice in the room, enjoys influencing without direct authority, and wants the visibility that comes with reporting risk and assurance directly to executive management and the Audit and Risk Committee. The role is offered on a hybrid basis.
Duties and Responsibilities
Enterprise Risk Management
- Lead the design, implementation and continuous improvement of the Enterprise Risk Management framework, aligned to ISO 31000 and business strategy.
- Own the enterprise-wide risk process, ensuring risks are identified, assessed, prioritised, mitigated, monitored and reported across all business functions.
- Chair risk assessment workshops with business and technical stakeholders, driving accountability for risk ownership and treatment.
- Maintain executive oversight of the central risk register, keeping it complete and aligned to the organisation's risk appetite and tolerance thresholds.
- Provide strategic risk insight to senior leadership, enabling informed decisions on operational, regulatory, cyber and technology risk.
- Track and report key risk indicators, control effectiveness and remediation progress, and oversee the optimisation of GRC platforms and reporting.
Information Security Management System (ISMS) Oversight
- Take full ownership of the Information Security Management System, ensuring its ongoing effectiveness, maturity and alignment to ISO/IEC 27001:2022.
- Lead the development, review, approval and communication of information security policies, standards, procedures and controls across the organisation.
- Drive the information security roadmap so that security initiatives support business priorities, regulatory obligations and operational resilience.
Regulatory Compliance and iGaming Assurance
- Lead information security and risk compliance across relevant iGaming jurisdictions, aligned to applicable regulatory, legal and contractual obligations.
- Maintain oversight of compliance with standards and regulations including POPIA, GDPR, UKGC requirements and other jurisdiction-specific obligations.
- Coordinate regulatory and certification audits across internal teams, external providers and international stakeholders, ensuring timely readiness and response.
- Interpret regulatory developments and translate them into actionable business and security requirements, partnering with relevant teams to deliver them.
- Act as the central point of contact for risk, compliance and information security in support of regulatory inspections, client due diligence and audit requests.
Leadership, Reporting and Stakeholder Engagement
- Serve as the lead representative for ISMS, cyber risk and security governance, engaging confidently with senior stakeholders, committees, auditors and external partners.
- Build strong cross-functional relationships across Technology, Product, Operations, Legal, Compliance and executive leadership to embed risk-aware decision-making.
- Support business leaders in understanding their control responsibilities, security obligations and risk ownership.
- Drive a culture of security awareness, accountability and continuous improvement through training, communication and governance initiatives.
- Prepare and present clear, data-driven reports to executive management and the Audit and Risk Committee on risk exposure, audit outcomes, security maturity and remediation.
Minimum Requirements
- 5 to 8 years' experience within iGaming, sports betting or a similarly stringent, highly regulated digital transaction environment.
- Strong working knowledge of international iGaming compliance frameworks and how the iGaming industry operates.
- A tertiary qualification (degree or higher) in Information Technology, Cyber Security, Risk Management or a related discipline, and/or a recognised professional certification such as CISM, CRISC or ISO 27001 Lead Implementer or Auditor.
Nice-To-Have
- Hands-on experience maintaining or certifying an ISMS specifically against ISO/IEC 27001:2022.
- Familiarity with ISO 31000 enterprise risk management and the administration of GRC platforms.
- Exposure to multiple international iGaming jurisdictions, including UKGC requirements.
- Experience reporting risk and security matters to an Audit and Risk Committee or equivalent governance forum.
Personal Attributes
The ideal person is:
- An excellent communicator, able to articulate complex technical and risk matters to non-technical stakeholders in a clear and authoritative way.
- Honest, with high personal integrity and a strong sense of accountability.
- A critical and analytical thinker, with sound problem-solving judgement.
- Proactive and agile, comfortable adapting in a fast-moving, highly regulated environment.
- Structured, disciplined and process-driven in approach.
How to Apply?
This is a standalone leadership role with genuine influence, owning information security, enterprise risk and regulatory assurance across a licensed, multi-jurisdictional gaming environment. You would be the authoritative voice on ISMS and cyber risk, engaging directly with executive leadership and the Audit and Risk Committee, and shaping the security and governance maturity of the business.
If you are an experienced information security and risk leader who knows the iGaming world, we would like to hear from you.
Email your CV to charne@skillzpage.com
(If you don’t hear from us within 2 weeks, please consider your application unsuccessful.)