Flutterbe

Head of SOX IT General Controls and Technology GRC

Dublin, Ireland Full time

Location – Leeds/Dublin/London
Hybrid

Permanent

About the Role

We are seeking a highly skilled, expert Head of SOX ITGC and Technology GRC to join the Flutter Functions Cybersecurity team within the Flutter Functions Technology Operations department. As an NYSE-listed company, maintaining good practices and posture relative to our IT General Controls is vital to our continued compliance with SOX and to coordinating our cyber control health via our NIST CSF 2.0 framework.

The Head of SOX IT General Controls (ITGC) and Technology Governance, Risk & Compliance (GRC) is responsible for leading and continuously improving Flutter Functions’ IT control environment, with primary accountability for Sarbanes-Oxley (SOX) IT compliance and broader technology risk governance.

This role leads the build, efficiency automation and oversight of our SOX ITGC and Technology GRC risks and controls across a modern and sophisticated platform leveraging multiple cloud environments and third-party providers.

This role will partner closely with Finance, Internal Audit, External Audit, Global Cyber GRC, Enterprise Risk, Insurance and all technology leaders to ensure audit readiness, control effectiveness, and enterprise risk clarity at the Board level. The leader will own and drive reporting across all our controls and lead engagement with Group CIO, ensuring prioritized focus on all things risk and compliance.

The right candidate will be a credible leader with 15+ years’ experience in the SOX / Technology risk and controls space. You should be comfortable reporting to C-Suite and possess an ability to drive collaboration and support across the wider technology community.


What you’ll do:

SOX IT General Controls Leadership

  • Lead and oversee the annual SOX scoping, risk assessments, walkthroughs, testing coordination, and deficiency evaluations effort across in-scope SOX systems and controls in Flutter Functions

  • Lead the relationship with Finance (Internal Controls Testing and Assurance teams) and external auditors. Provide challenge and leadership for scoping, testing and remediation review

  • Drive education and accountability with the control owner community on the execution and evidencing of relevant IT General Controls

  • Oversee remediation of control gaps and ensure timely resolution of audit findings. Drive clarity on remediation position with all relevant partners

  • Serve as primary liaison with Internal and External Auditors for ITGC matters.

  • Partner with colleagues in Strategy and Enterprise Architecture to ensure we design and build systems to optimise for SOX and our NIST CSF 2.0 cybersecurity framework

Technology Governance & Risk Management

  • Oversee the development and implementation of the Flutter Functions cyber and technology risk management strategy aligned with the Global Cyber Risk Management Framework and Enterprise Risk Management Framework

  • Lead a team of GRC professionals to drive innovative and accurate ways of maintaining a continuous view of our cyber control environment

  • Drive advanced approaches to resolving risk and controls posture leveraging AI and modern toolsets

  • Reduce manual controls and audit burden through system-based controls.

  • Develop risk assessment methodologies for new systems, transformations, and cloud migrations.

  • Present IT risk posture, control metrics, and audit results to executive leadership and the Audit Committee.

Stakeholder Management

  • Engage with internal and external stakeholders, including senior leadership, to provide strategic insights and influence decision-making around all things SOX ITGC and Tech GRC.

  • Represent the organization in discussions with regulators, auditors, and third-party vendors as required

  • Prepare materials for the Board and support the Group Director of Technology Operations with any board-related matters & regulatory requests.

  • Influence and work with brand-based colleagues to achieve collective objectives and drive best practice across Cyber GRC.

  • Build and maintain effective collaborations with compliance functions including Group Risk, Group Legal, Group Data Protection, Group Internal Audit and their divisional counterparts

Team Leadership & Engagement

  • Build, mentor, and lead a high-performing IT GRC and SOX compliance team.

  • Develop a culture of accountability, risk awareness, and operational excellence.

  • Influence cross-functional stakeholders at senior and executive levels.

What you’ll need:

Leadership & People Management:

  • Shown experience leading and mentoring cross-functional teams, with a focus on fostering a culture of compliance and accountability

  • Strong influencing and communication skills, able to effectively interact with senior executives and technical teams alike.

GRC Expertise:

  • Demonstrable experience of SOX as a control framework and how controls need to be built and positioned to operate in a SOX environment

  • Extensive experience in cyber and technology risk management in a senior strategic leadership position

Risk Management:

  • Expertise in identifying, assessing, and mitigating cybersecurity risks across digital platforms.

  • Ability to prioritize security initiatives based on business impact and risk appetite.

Problem-Solving & Analytical Thinking:

  • Strong analytical skills with the ability to quickly identify and solve complex security challenges.

  • Strategic thinking about process and control design, so that they help rather than hinder the business

Project Management:

  • Skilled in handling complex projects, with a focus on security initiatives.

  • Ability to supervise multiple projects simultaneously, ensuring timely delivery and alignment with business objectives.

Qualifications & Experience

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

  • Relevant certifications (e.g., CISSP, CISM, CISA, AWS Certified Security – Specialty, or similar) are highly desirable.

  • Proven experience in cybersecurity, with at least 5 years in a leadership role leading platforms and services security in a large, global organization.

  • Strong demonstrable expertise in SOX and other relevant cybersecurity and technology risk frameworks (NIST CSF, ISO 27001, COBIT)

  • Consistent record in working with senior leadership and external stakeholders to influence security outcomes.

  • Familiarity with the gambling or financial services industry is a plus, but not required.

What’s in it for you
We are a flexible employer; whether you have personal commitments or a hobby that brings you joy, we want you to bring your best self to work and feel empowered to do so. We also like to share our success; after all you make it happen. We have an excellent benefits package that can be personalised to you:

  • Bonus scheme

  • Uncapped holiday allowance

  • Enhanced pension scheme

  • Private healthcare

  • Life assurance

  • Income protection

  • £1,000 annual self-development learning fund

  • Invest via the Flutter Sharesave Scheme

  • Enhanced parental leave

About Flutter

We are a world leader in online sports betting and iGaming, with a market-leading position in the US and across the world.

We have an unparalleled portfolio of the most innovative, diverse and distinctive brands including FanDuel, Sky Betting & Gaming, Sportsbet, PokerStars, Paddy Power, Sisal, tombola, Betfair, MaxBet, Junglee Games and Adjarabet.

With our global scale and challenger attitude, we excite and entertain our customers in a safe and sustainable way. Using our collective power, the Flutter Edge, we aim to disrupt the sector, learning from the past to create a better future for our customers, colleagues and communities.

We’re working to be an inclusive employer, and we encourage people from all backgrounds, ways of thinking and working to apply. Everyone brings different perspectives and experiences; you don't have to meet all the requirements listed to apply for this role.

If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.