Information Security Governance, Risk & Compliance Principal - InfoSec

A bit about us

Do you want to join one of the world’s fastest growing sports technology companies?

Genius Sports is at the epicentre of the global network connecting sports, brands and fans through official live data. Our mission is simple. We champion a more sustainable sports data ecosystem that benefits all parties.

We’re looking for enthusiastic and ambitious people to join our talented team.

If you see yourself becoming part of a global family building the future of sports entertainment together, then come and grow with us. 

We put trust in our people to deliver the difference for our clients around the world. It’s why many of the world’s largest leagues & federations such as the NFL, English Premier League, FIBA and NCAA choose to work with Genius Sports.

THE ROLE

We are accelerating our security journey, aiming to deliver the most trusted sports technology and data on the market, elevating security as a competitive differentiator. Our Security vision is to win customers, partners and fans based on trust in our ability to always protect their data. We strive to achieve this through our mission to always embed Security into the way we act and the products we deliver.

Are you ready to play defence? We are seeking an experience Information Security Risk & Compliance Principal who can take the lead in ensuring we meet our security compliance, and

This is a great opportunity to join our team at a fantastic time of growth and truly make an impact.

The successful candidate will be an engaging, self-starter who is able to operate with high levels of autonomy and strives for continuous improvement. The candidate should have a track record of leading in the Security GRC domain within highly technology driven environments. They will feel comfortable holding others accountable to compliance and risk management responsibilities and be confident in challenging when needed. The ability to influence cross-functionally and at a senior level and galvanise others behind the importance of risk and compliance will be critical in this role.

The Role

Compliance Oversight

• Ensure compliance with the Security aspects of applicable laws, regulations, and industry standards including ISO 27001, SOX, PCI DSS, Data Protection.
• Maintain and continuously improve our ISO 27001 Information Security Management System, ensuring it is effective and well embedded across the business.

• Lead all internal and external auditing activities, including facilitating audits and delivering your own audits.

• Develop and maintain pragmatic and relevant security policies and procedures.

Security Risk and Control Management

• Develop, implement, and maintain comprehensive security risk management processes to ensure security risks are effectively identified, assessed and managed.
• Identify, evaluate, monitor and drive accountability for security risk mitigation and control compliance across all the business.
• Collaborate closely with our Risk team to ensure alignment to our Enterprise Risk Management framework and requirements.
• Monitor and analyse emerging threats and trends to proactively identify and adjust security risks and appropriate controls.

Third Party Security

• Mature our third-party security risk management capabilities, ensuring third-parties are adequately assessed and adhere to our standards.
• Propose and ensure deployments of security measures to minimise third party risk.
• Ensure the satisfactory completion of due diligence requests from third parties including customers and partners.
• Collaborate with our Privacy and Legal teams to negotiate security terms in vendor and customer contracts, ensuring they protect the needs of the business.

Other

• Contribute to the successful execution of the Security strategy, owning the delivery of risk and compliance aspects.
• Drive continuous improvement to streamline and mature our processes, working cross-functionally with key stakeholders.
• Communicate security, risk, and compliance initiatives, and outcomes to senior leadership, the broader organisation and external stakeholders.
• Develop and provide frequent reports on our security risk and compliance profile to key stakeholders.

REQUIRED SKILLS & EXPERIENCE

Who you are:

• An experienced, self-starter who strives for continuous improvement, bringing solutions to the table and taking ownership for delivery.

• Able to operate with high levels of autonomy and build or adapt processes, rather than rely on pre-existing ones.

• Able to hold others accountable to their responsibilities and influence through encouragement and conveying the value of risk and compliance.

• Views security as an enabler, promoting a positive mindset around security, but able to be firm when needed.

• Empathetic to competing priorities, able to disagree and commit, and remain resilient.

• Technology minded without needing to be a deep expert. An understanding of software development practices and cloud environments, able to understand and build credibility with highly technical teams (e.g. IT, Engineers, Product).

• Able to develop and deliver reporting at an Exec level with the confidence to call out deficiencies in a constructive manner.

What you’ll bring:

• Extensive experience overseeing risk and compliance activities, including leading the maintenance and improvement of ISO 27001 certified ISMS.
• Deep understanding of risk management practices and experience driving risk culture.
• Expertise in applicable laws, regulations and standards including Data Protection Laws, SOX, ISO 27001, SOC 2 and NIST.
• Relevant certifications in cybersecurity, GRC, or related areas is desirable (e.g., CISM, CISSP, Lead Auditor).
• Experience in a technology and software engineering led organisation working with Agile methodologies is desirable.

What’s in it for you?

As well as a competitive salary and annual leave allowance, our benefits include health insurance, skills training and much more, depending on the location. We also offer a host of softer benefits, including many social events throughout the year such as summer and winter holiday parties, monthly team building events, sports tournaments, charity days and wellbeing activities.

How we work

We have adapted a forward-thinking ‘Ways of Working’ framework, which sets out (amongst other things) the opportunities for Geniuses to work flexibly, remotely and on working holidays. It affects different teams and locations differently, so please ask for further information in how it would work with this role.

Our employees are empowered to stretch the boundaries of what’s achievable, always reaching further and pushing the edges to see what gives. We collaborate, we innovate, and we celebrate. We will continue to grow as an organisation and continue to invest in our highly talented and diverse team of Geniuses. 

Genius Sports Group is proud to be an equal opportunities employer. We recognize and celebrate the benefits that a diverse and inclusive workforce bring to our business, our customers and our staff. We welcome and will consider all applications regardless of age, different abilities or disability, gender re-assignment, marriage, pregnancy, maternity, race or nationality, religion or belief, sex and sexual orientation (and any other applicable status). Please let us know when you apply if you need any assistance during the recruiting process due to a disability.