Cyber Controls Data Analyst - Flutter UKI, Hybrid
About Betfair Romania Development:
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.
Win together | Raise the bar | Got your back | Own it | Positive impact
Flutter UK & Ireland are the UKI region of Flutter Entertainment. They unite a dozen brands including powerhouses Paddy Power, Betfair, Tombola and Sky Betting & Gaming, bringing together hundreds of teams and thousands of colleagues, who create trusted entertainment for millions of customers every week.
Role Overview:
The Cyber Controls Data Analyst will be responsible for interpreting, analysing, and reporting on the outputs of Flutter UK&I's Cyber Controls Monitoring platform (Anecdotes), translating raw control test data into meaningful insights that drive informed decision-making. Working in the CCM team, the role sits at the intersection of data analytics and cyber control monitoring, ensuring that control monitoring outputs are accurately interpreted, clearly communicated, and actioned by the right stakeholders. The analyst will be an important contributor to a programme central to Flutter UK&I's cybersecurity strategy, directly shaping the region's ability to understand control maturity, identify weaknesses, and demonstrate continuous improvement.
Key Accountabilities & Responsibilities:
Data Analysis & Interpretation
- Review and interpret policy and framework requirements (e.g. NIST CSF, ISO 27001, PCI-DSS, SOX) and translate them into detailed control test specifications that the Engineering team can build integrations and extraction logic against
- Analyse and interpret control monitoring outputs from the performed tests, identifying control failures, exceptions, anomalies, and trends that require attention or escalation.
- Perform cross-system data correlation to enrich control test results, combining data from multiple sources to build a complete picture of control status.
- Define control test thresholds and exception criteria in collaboration with the system/control owners and the CCM team, ensuring monitoring outputs are meaningful, accurate, and actionable.
- Validate data quality and completeness, flagging issues to the Engineering team where pipeline outputs do not meet required standards.
Reporting & Dashboards
- Build and maintain dashboards in internal BI tooling (e.g. Looker) that provide up-to-date visibility of control maturity and health to internal stakeholders.
- Produce tailored reporting packs for key stakeholders, aligned to their specific evidence and insight requirements.
- Track and report progress against programme key results, including monitoring coverage and improvement in control weakness indicators.
- Visualise control maturity trends, risk hotspots, and remediation progress in a format accessible to both technical and non-technical audiences.
Control Testing Support
- Identify the systems and data sources that hold the relevant evidence, documenting data requirements, expected formats, and quality thresholds before handover to the engineer.
- Design the test logic for each control, defining what a passing control looks like, what constitutes a failure or exception, what thresholds trigger an alert, and what evidence is required to demonstrate control performance.
- Maintain and continuously improve the control testing library within Anecdotes, ensuring test logic, thresholds, and evidence requirements are documented and up to date.
- Support post-implementation validation of new control monitors, confirming that outputs meet acceptance criteria before controls go live.
- Contribute to the mapping of control test results against relevant frameworks including NIST CSF, ISO 27001, PCI-DSS, and SOX, supporting compliance reporting and audit evidence requirements.
- Work with the Engineering team to translate control objectives into precise data requirements, ensuring the right data is being extracted and tested.
Stakeholder Collaboration & Enablement
- Act as the analytical point of contact for second-line assurance, risk, and GRC teams, providing data-driven responses to queries about control performance and monitoring outputs.
- Support intake triage by providing data-informed assessments of control monitoring requests, helping prioritise based on risk exposure and existing coverage gaps.
- Present control status insights to the CCM team in a clear, concise, and evidence-based manner.
- Provide guidance to relevant team members on interpreting dashboards and control monitoring outputs.
Continuous Improvement
- Proactively identify recurring control failure patterns and root causes, surfacing insights that inform remediation planning and control uplift.
- Benchmark control maturity over time, tracking improvement trends and identifying areas where monitoring coverage or test logic needs to be strengthened.
- Identify gaps in current monitoring coverage and propose new control tests or data sources that would enhance the programme's detection capability.
- Contribute to the intake process review by providing data on request volumes, control coverage trends, and analytical workload patterns.
Skills, Capabilities & Experience Required:
Essential
- Proven experience in a data analysis role, with the ability to interpret complex datasets and translate findings into clear, actionable insights.
- Experience building dashboards and reports in BI tooling such as Looker, Power BI, or equivalent.
- Solid understanding of NIST CSF, with working knowledge of SOX, ISO 27001, and PCI-DSS.
- Ability to produce clear, structured control test specifications including defined scope, data requirements, test logic, pass/fail criteria, and evidence standards.
- Strong attention to detail with a structured approach to data validation, quality assurance, and documentation.
- Self-motivated, intellectually curious, and comfortable working both independently and collaboratively in fast-moving environments.
Desirable
- Familiarity with GRC platforms.
- Experience performing data correlation across IT security requirements and business systems.
- Exposure to cyber controls assurance through advisory, internal, or external audit functions.
- Familiarity with cybersecurity control frameworks and how control evidence is structured and assessed in an assurance or audit context.
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.
We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.
By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.