themill

Senior GRC Specialist

Malta · St. Julian's · Remote · Employee · Senior
Other · IT Specialist

Quick Summary

Overview

The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology driven organisation and creating a team consisting of the best of the best…

Technical Tools
fintech · saas

Responsibilities

  • Establish the GRC Roadmap: Assess our current environment, identify gaps, and design a clear, actionable GRC roadmap aligned with our business goals. You tell us what we are missing and how to fix it.
  • Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner actively with product and engineering teams during the design phases to find secure paths to "yes," ensuring our governance supports business velocity rather than slowing it down.
  • Lead Framework Implementation: Take full responsibility for managing and maturing our ISO 27001:2022 certification. Drive compliance initiatives for PCI DSS and prepare our posture for NIS2 requirements.
  • Drive Risk Management: Autonomously select and implement the most appropriate risk management frameworks. Own the risk register, lead risk assessments, and translate complex technical risks into clear business impacts and mitigation strategies.
  • Design Business-Aligned Governance: Design, write, and enforce information security policies and standards. Actively solicit feedback from engineering and business teams to ensure policies are practical and business-enabling.
  • Champion Security Culture: Own and evolve our security awareness program. Move us beyond boring, "check-the-box" compliance videos by creating engaging, context-aware training that actually resonates with engineers, product teams, and business operations.
  • Lead Audits & Compliance: Take the helm on all internal and external security-focused audits, assessments, and reviews. Act as the definitive subject matter expert for regulatory inquiries.

Requirements

  • 5–8+ years of dedicated experience in Cyber GRC, Information Security, or Technology Risk.
  • Framework Expertise: Demonstrated, hands-on experience implementing and managing ISO 27001:2022 (mandatory). Deep knowledge of PCI DSS and familiarity with NIS2 is highly desirable.
  • iGaming Experience is a Strong Plus: A deep understanding of the technology-led, highly regulated iGaming environment is highly desirable. (If you don't have this, proven experience in similarly complex, fast-paced, and regulated sectors like fintech, SaaS, or payments is a great substitute).
  • An "Enabler" Mindset: The commercial awareness to understand that security exists to protect the business, not to halt it. You excel at finding pragmatic, secure workarounds rather than just throwing up red tape.
  • Strategic & Autonomous Execution: You don't need a checklist; you create the checklist. You have a track record of building or significantly maturing GRC functions from the ground up.
  • Mature Judgment: You possess the emotional intelligence to work alongside highly technical teams. You leave your ego at the door, listen to feedback, and focus on collaborative problem-solving.
  • Exceptional Communication: Strong analytical, risk assessment, and documentation skills, with the ability to articulate complex security concepts to both engineers and executive leadership.
  • Alignment with our Values: High integrity, ownership, transparency, and a continuous drive for performance and improvement.

What We Offer

  • A lean, focused company, offering a flexible working environment
  • The opportunity to work with and learn from a highly skilled, talented team
  • A great company culture, where accountability is innate, transparency is key and competency is virtue
  • Being part of a small, tight-knit, caring community
  • Work equipment of your choice
  • Private health insurance
  • Learning budget
  • Fitness benefit
  • Parking/transport or co-working allowance
  • Company-wide and team-based get-togethers

Location & Eligibility

  • Where is the job: St. Julian's, Malta (remote within one country)
  • Who can apply: MT

Listing Details

  • Posted: April 29, 2026
  • First seen: May 6, 2026
  • Last seen: May 9, 2026

Posting Health

  • Days active: 0
  • Repost count: 0
  • Trust Level: 38%
  • Scored at: May 6, 2026
