Head of IT Compliance

Tech Sliema, Malta


Description

Position at ARRISE

About Us:


ARRISE sets the benchmark for service delivery and excellence in the iGaming industry. Playing a key role in the success of its clients, which include Pragmatic Play, a brand relied upon by the world’s biggest online casinos for its cutting-edge products, ARRISE helps to deliver exceptional gaming experiences to millions of players worldwide.  
 
Our global team of over 9,000 talented and driven professionals is shaping the future of iGaming. Headquartered in Gibraltar, we have offices spanning Canada, India, the Isle of Man, Latvia, Malta, Romania, Serbia, Bulgaria, and the UAE, with more exciting destinations on the horizon.
 
At ARRISE, we take pride in creating growth opportunities at all levels, constantly investing in our people while welcoming new colleagues and forging strategic partnerships that open new opportunities for success.  
 
To achieve this, we bet on ourselves. We know that success is a collective effort, and our team is driven by ambition, collaboration, and a shared commitment to grow and succeed—while embracing every step of the journey.  
 
Be part of the future of iGaming with 10,000 ARRISERS! See a job that excites you? Apply now, and our friendly recruitment team will connect with you soon. Your journey starts here!

About the Role

We are seeking an experienced IT Compliance Specialist to lead and manage our compliance programs across ISO 27001 and SOC 2, ensuring our gaming platform and related services meet the highest standards of security, privacy, and regulatory compliance. The role will serve as the primary liaison for both external and internal auditors for ISO 27001 certification and SOC 2 attestation, with a focus on addressing scope changes, corporate structure changes, and responding to client security questionnaires.
 

Key Responsibilities


Compliance Management
  • Lead and maintain the company’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Trust Services Criteria certification programs.
  • Serve as the primary point of contact for engaging with external and internal auditors, facilitating ISO 27001 certification and SOC 2 attestation processes.
  • Own compliance audits: plan, coordinate with auditors, collect evidence, and provide comprehensive audit responses.
  • Manage risk assessments, control testing, and remediation activities to ensure ongoing compliance.

Policy & Process Governance
  • Develop, maintain, and enforce IT security and compliance policies, procedures, and standards.
  • Ensure documentation aligns with ISO 27001 Annex A controls, SOC 2 requirements, and addresses evolving compliance needs due to scope or structural changes.
  • Respond to client security questionnaires with accurate and detailed information to demonstrate compliance.

Control Implementation & Monitoring
  • Oversee access control, change management, incident management, and third-party/vendor risk management within the scope of ISO 27001 and SOC 2.
  • Ensure compliance across environments supporting software development, hosting platforms, and APIs.
  • Monitor the effectiveness of security controls and recommend improvements to mitigate emerging risks.

Audit & Assurance
  • Act as the central liaison for external auditors, regulators, and certification bodies, ensuring clear communication and issue resolution.
  • Conduct internal compliance audits, gap assessments, and readiness reviews to maintain certification readiness.
  • Track and close compliance findings and audit issues, ensuring timely resolution and documentation.
  • Provide expert guidance on compliance implications of ISO 27001 scope changes and corporate structure changes.

Training & Awareness
  • Build awareness of compliance requirements across development, operations, and support teams.
  • Deliver targeted training on compliance obligations, including secure software development, data handling, and gaming industry standards.

Vendor & Third-Party Risk Management
  • Assess compliance of key vendors, including cloud hosting providers, content partners (e.g., Pragmatic Play), and integration providers.
  • Ensure contractual and SLA alignment with ISO 27001 and SOC 2 requirements.

Reporting
  • Provide regular compliance updates, risk posture reports, and responses to client inquiries to senior management and stakeholders.
  • Support management with compliance performance metrics and KPIs.
 
Qualifications & Experience
  • Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field.
  • 5+ years’ experience in IT compliance, GRC, risk management, or information security, ideally in gaming, fintech, or other regulated industries.
  • Strong understanding of:
      • ISO 27001:2022 Information Security Management System (ISMS)
      • SOC 2 Trust Services Criteria (Security, Availability, Confidentiality, Processing Integrity, Privacy)
  • Proven track record of leading certification and audit processes, including direct engagement with auditors.
  • Experience responding to client security questionnaires and communicating compliance status effectively.
  • Experience with SaaS/PaaS environments, APIs, and cloud-based hosting services.
  • Knowledge of secure SDLC, DevOps, and CI/CD compliance integration.
  • Professional certifications preferred (e.g., CISA, CISM, ISO 27001 Lead Implementer/Auditor, CCSK, CRISC).
 
Key Skills
  • Excellent knowledge of IT compliance, audit, and risk frameworks, with expertise in ISO 27001 and SOC 2.
  • Strong communication and stakeholder management skills, with the ability to represent the company to auditors and clients.
  • Ability to influence cross-functional teams (dev, ops, support) to adopt compliance practices.
  • Analytical thinker with a problem-solving approach to compliance challenges, including scope and structural changes.
  • Detail-oriented with strong documentation, evidence management, and client questionnaire response skills.

What we offer:
  • A highly competitive salary
  • Detailed company training on the highest standards
  • A chance to work in a friendly and supportive culture
  • Tremendous growth opportunities in a large, fast-moving international company