About Betfair Romania Development:
Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.
Our Values:
The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.
Win together | Raise the bar | Got your back | Own it | Positive impact
About Flutter Functions:
The Flutter Functions division is a key component of Flutter Entertainment, responsible for providing essential support and services across the organization. The division encompasses various corporate functions, including finance, legal, human resources, technology, and more, ensuring seamless operations and strategic alignment throughout the company.
Provide Subject Matter Expert (SME) technical knowledge and strategic security advisory across the Flutter Cyber Security team and divisions, ensuring industry best practice and internal security policies are consistently applied, regulatory compliance is maintained, and cyber risks are systematically identified, assessed, and understood. Act as a trusted security advisor and business partner to divisional technology and business stakeholders, delivering proactive, pragmatic guidance that empowers teams to embed security thinking into their decision-making, designs, and delivery — positioning security as a natural enabler of Flutter's strategic objectives rather than a barrier to them.
Serve as a trusted Cyber Security advisor and business partner to assigned divisions, building a deep understanding of their technology landscape, strategic roadmaps, and operational priorities to deliver contextually relevant, pragmatic security guidance.
Proactively engage with technology and business teams from the earliest stages of new initiatives, programmes, and product development — embedding security by design and directing teams towards secure decisions before issues arise.
Develop and maintain a thorough understanding of the cyber security risks and threats facing Flutter's divisions, using that insight to direct teams towards targeted, meaningful security improvements.
Lead cyber security assessments on Group-wide systems, translating findings into clear, prioritised guidance that directs technical and business teams to address vulnerabilities and strengthen their security posture.
Translate complex cyber security risk into clear, business-relevant language, providing senior stakeholders with actionable advice and facilitating risk-based decisions — acting as an objective broker between security requirements and business priorities.
Partner with divisional technology and business teams to drive tangible improvements to cyber security controls, acting as a guide and advocate for making the wider group more resilient against internal and external threats.
Provide forward-looking security guidance on emerging technologies, architectural decisions, and digital transformation initiatives, ensuring security is integrated into design choices rather than retrofitted post-delivery.
Collaborate with business and technology owners to ensure remediation plans are pragmatic, risk-proportionate, and effectively implemented — driving progress through influence and ongoing engagement rather than oversight alone.
Evaluate the security of third-party solutions at onboarding and through regular review cycles, providing clear direction to business and procurement teams on required security standards and risk mitigations.
Represent the Cyber Security function in divisional technology governance forums, architecture review boards, and business planning sessions, ensuring security is a standing consideration in strategic and operational decision-making.
Champion a security-aware culture across assigned business areas by developing and delivering targeted awareness initiatives tailored to specific audiences — going beyond generic training to address real and relevant risks.
Support the development of security policies and standards where required, ensuring they are practical, relevant, and communicated in a way that empowers teams to act rather than simply comply.
Work closely with key public- and private-sector partners, security forums, and peer organisations to develop expertise, share best practices, and collaborate on cyber security risk mitigation strategies.
Participate in governance and oversight forums and committees as required.
Building Support — We establish close relationships with our stakeholders, underpinned by trust, integrity, and respect. We build awareness, understanding, and positive momentum behind the Group technology strategy, often without being in a position to assert authority.
Trusted Advisory — We position ourselves as a credible, go-to source of security expertise, building relationships where stakeholders proactively seek our guidance rather than viewing security as a compliance gate.
Objective — We are impartial and unbiased, ensuring equal treatment for all and that decisions are based on objective criteria.
Collaboration — We work effectively and in partnership with our stakeholders on shared goals that align towards the achievement of the Group technology strategy. We foster a collaborative environment and assume the role of leader when required.
Influencing Without Authority — We lead through expertise, credibility, and relationship capital, effecting meaningful security improvement across divisions and hierarchies without relying on mandates or enforcement.
Adaptable — We understand and appreciate different and opposing perspectives on an issue and can adapt our approach in order to achieve a successful outcome.
Strategic Thinking — We think about the big picture and use that perspective to support our divisions in achieving competitive advantage through greater agility, faster time to market, and a better customer experience.
Strategic Communication — We are proactive and considered in our approach to stakeholder communications. We actively listen, provide constructive feedback, and help others consider new perspectives.
Commercial Awareness — We understand the business context in which security operates, balancing risk with commercial objectives, delivery timelines, and customer experience to provide pragmatic, proportionate recommendations.
An information security professional with a deep understanding of Cyber Security risk.
Solid technical knowledge of security-related technologies and industry standard processes across all Cyber Security risk areas.
Proven experience in defining Cyber Security policy, standards, and controls.
Strong working knowledge and experience of current IT Security frameworks such as ISO 27001, NIST, ISF, UKGC, and Data Protection.
Knowledge of GDPR and the EU AI Act is highly desirable.
Demonstrable experience operating in a Security Business Partner, Security Engagement Lead, or equivalent advisory capacity, with a track record of building trusted relationships with technology and business stakeholders across a complex, multi-divisional organisation.
Proven ability to provide pragmatic, risk-based security guidance that balances rigorous security principles with business realities, delivery constraints, and commercial objectives.
Familiarity with Secure-by-Design and Shift-Left security principles, and experience embedding these into software development lifecycle (SDLC) and agile delivery frameworks.
Strong ability to adapt to frequent changes and deal with ambiguity.
Strategic thinking which can translate into a long-range vision for driving down Cyber Security risk across the divisions.
Inquisitive, disciplined, and logical thinker who possesses strong investigative and analytical qualities that translate into providing independent and objective analysis of Cyber Security risk.
Proven ability to engage and influence at senior levels (Director, VP, C-suite) as well as at working levels (engineering teams, product managers), with the ability to flex communication style accordingly.
Excellent verbal and written communication skills with the ability to modify style to influence technical and business stakeholders.
Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance.
A methodical approach to organising workload to ensure deadlines are met.
Desirable: Background in enterprise architecture, solution design, or technology consulting, providing credibility when engaging with technical design decisions.
Future Ready: Demonstrating curiosity and openness toward AI and emerging technologies, with a willingness to continuously learn, adapt, share knowledge and collaborate with AI tools in your day to day activity.
Benefits:
Hybrid & remote working options
€1,000 per year for self-development
Company share scheme
25 days of annual leave per year
20 days per year to work abroad
5 personal days/year
Flexible benefits: travel, sports, hobbies
Extended health, dental and travel insurances
Customized well-being programmes
Career growth sessions
Thousands of online courses through Udemy
A variety of engaging office events
Disclaimer:
We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.
We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview.
By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.