Scientific Games Corporation (NASDAQ: SGMS) is a world leader in gaming entertainment offering the industry's broadest and most integrated portfolio of game content, advanced systems, cutting-edge platforms and professional services. Scientific Games’ digital arm, SG Digital, is a trusted partner to the world's most powerful iGaming, iLottery and Sports Betting brands. From our world-leading sports betting technology to our in-house game studios and broad partner network of third-party suppliers, we offer customers the widest portfolio of content available across our OpenSports and OpenGaming platforms.
At SG Digital we have 1,600+ employees (including 900+ engineers and developers) and over 200 customers. We currently provide our technology to customers across the globe. Our head office is in London with over 20 offices across the globe spanning EMEA, APAC, and North America.
Leading the charge in the sports betting arena, SG Digital’s OpenSports product suite offers end-to-end sportsbook solutions to partners of all sizes in regulated jurisdictions. Covering every aspect of sports betting, OpenSports allows operators to pick and choose the tech pieces they need to build a long-term viable product.
The purpose of this role is to act as SGD’s CISO, leading both the Product and Information Security functions of SG Digital and reporting into the CTO. The role will be responsible for implementing and overseeing policy and process to protect SGD’s employees and its physical and information assets, with a particular focus on cyber security. This includes securing SGD’s infrastructure and systems using access management, network and system security architecture, and threat and vulnerability management with endpoint protection, logging and monitoring. The role will also establish security-led software development processes to enable product security from the start, ensuring that SGD develops and delivers secure platforms and properly protects its information. The successful candidate will also ensure compliance and best practice around data handling and storage, including GDPR, PCI and equivalent requirements across our markets. SGD is ISO27001 certified; this role will make sure this is retained and extended as needed.
It is essential that the role establishes a working Security Committee coordinating subject matter experts and service owners across the company to identify risk and decide mitigating policies and measures, ensuring consistency and stakeholder support. The CISO and team implement security initiatives and coordinate the evaluation, deployment, and management of current and future security technologies.
This position works closely with the various SGD business units and technology departments and requires the ability to balance business needs with security best practices. The successful candidate will provide effective, high quality, and timely subject matter expertise, input, and guidance on Information Security matters. This role is ‘business facing’ in nature as well as being ‘hands-on’ in terms of delivery. To that end, the successful candidate must demonstrate an aptitude toward building lasting partnerships, relationships and trust within SGD’s business units, clients, and regulators and working partners; and, at the same time, be equipped to talk with authority around a wide range of technical and procedural matters pertaining to SG Digital Information Security.
Strategy & Planning
· Work closely with the business and peers to lead and develop a multi-year Security Strategy and Roadmap which identifies existing gaps to security and delivers a structured plan to mature SGD’s security practice.
· Lead strategic security planning by prioritizing security initiatives to achieve business goals and protect SGD, its customers, platforms and services, games, sensitive data and IP, and the overall IT environment.
· Manage the annual operating and capital budgets for purchasing, staffing, and operations for Information Security.
· Build strong relationships with division organizations including IT, product and software development, client delivery, HR and others along with key SG Corporate functions supporting SGD in order to implement appropriate security controls and protect SG Digital assets.
· Partner closely with the senior/executive leadership of the platform and game teams/studios to ensure ‘security by design’ is incorporated into all projects, that appropriate security controls are understood and adhered to by process, and that security compliance requirements are followed.
· Ensure all data security related regulatory and compliance requirements are met together with the legal team.
· Provide security leadership in supporting contractual and regulatory compliance requirements (e.g. GDPR, PCI DSS, ISAE-3402/SSAE-18 SOC reports, etc.).
· Chair the division Security Committee, managing associated assignments, tasks, and reporting.
· Contribute to the company risk register to document and mitigate role related risks.
· Implement, maintain and develop appropriate security certifications for SGD.
· Develop security policy and process, according to industry standards and best practices.
· Work closely with IT and other technology groups to fully secure information, computer, network, and processing systems.
· Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
· Participate in division projects and initiatives including product, client delivery, operations, etc., providing leadership and expertise on security matters, questions, and requirements.
· Ensure compliance to division and corporate policy and processes through reviews and initiatives.
· Oversee vulnerability management for all division networks, applications, and systems.
· Oversee security operations including the monitoring of security tools and services to identify and respond to security events and incidents.
· Head the Security Incident Response Team in responding to and managing security incidents and the activities associated with security incidents including notification, reporting, and investigation.
· Define and test operational threat response procedures, providing continuous process improvement.
· Provide security leadership in supporting sales and client management activities including participating in RFPs, supplier due diligence, on-site visits, etc.
· Oversee vendor and supplier compliance to division requirements through contracts and agreement reviews, conducting supplier due diligence, and ensuring SLA management.
· Remain informed on trends and issues in the security industry, including current and emerging technologies and prices. Advise, counsel, and educate executive and management teams on their relative importance and financial impact.
· Develop and grow the talent and people capability within the Information Security team, optimizing the mix of internal vs. external individuals and 3rd parties as required.
Experience and Qualifications:
· The successful candidate must have held several senior technologist positions and specifically a senior security operations position within a medium to large organization comprising digital and omni-channel services in regulated sectors.
· Demonstrable experience influencing at a senior level, which builds collaborative and trusted internal networks that achieve strategic goals.
· Proven experience in designing and delivering technical solutions that address commercial problems.
· In addition, they must have a track record creating and managing security technologies capable of protecting large-scale, globally highly available, mission-critical digital products and platforms.
· Proven leadership skills - experience in building and motivating high-performing teams.
· Extensive experience managing external suppliers.
· Significant experience managing senior stakeholders up to and including Board Directors.
· Proven track record in maintaining and enhancing skill level according to future technology trends and using innovative approaches in solving and preventing problems.
· A track record providing leadership in thought and vision.
· Expertise in deeply embedding security awareness, operations and culture into all parts of an organization.
· A proven track record in delivering on time and against budget within a highly pressurized 24/7
· Relevant security certifications: CISSP, CISM, CRISC, CISA, OSCP, CEH, ISSMP.
· Successful implementation of security certifications like ISO27001.
· Excellent knowledge of PCI and GDPR.
· Experience of working within the igaming/sports betting industry.