Find a job

Senior Third Party Security Assurance Analyst - Flutter UK&I - 6951


Senior Third Party Security Assurance Analyst - Flutter UK&I

  • Primary Location:
    Cluj - Napoca
  • Contract Type:
  • Employment Basis:

Flexible benefits of your choice

Learning and development opportunities

25 days annual leave

Customized wellbeing programs

Extended health and travel insurances

Top trending technologies

Share this page
Share with linkedin
Share with facebook
Share with twitter
Share with email

Role purpose:

The Flutter group relies on third-party suppliers to help facilitate the delivery of products and services to our customers; however, these relationships come with risk.  The Cyber Security TPSA Senior Analyst will ensure that we maintain a safe and healthy relationship with suppliers via third-party risk management processes.


  • The Cyber Security TPSA Senior Analyst must have a deep understanding of the cyber security risks posed by third parties working across with group and in context to the Flutter risk appetite.
  • The senior analyst will identify and assist with the management of third-party risk using established risk management processes both at group and divisional level.
  • Acting as an escalation point for other members of the TPSA team, the senior analyst will provide daily guidance and direction on the TPSA processes, as needed.
  • Working within the third-party supplier engagement life cycle, the senior analyst will complete security assessments of new suppliers and provide oversight for reviews performed by other team members.
  • Perform continuous assessments of existing suppliers using a risk-based selection process. This process involves reviewing evidence of the third-parties control environment.
  • In collaboration with the Cyber Security Senior Manager – Technical Operational Compliance, assess and track remediation plans for control deficiencies uncovered.
  • When the relationship ends with a third-party supplier, the senior analyst must work with the business relationship owner to ensure that contract termination activities have been completed, including ensuring all Flutter data has been deleted or returned.
  • Continually review processes to ensure any improvements are identified, planned, prioritised and actioned.
  • Responsible for ensuring a complete up to date list of suppliers is maintained for the group including business relationship owners and the risk category.
  • Work with the business relationship owner to ensure security is a top priority and build safe and healthy relationships with third party suppliers.
  • Working within the TPSA operating model, implement regular governance activities to ensure third parties are being managed appropriately, e.g. access entitlements assigned.
  • Support the group business processes with accurate, relevant risk-based information about a third-party supplier's security posture.
  • Collate data for other risk reporting functions as required, e.g. Flutter KRI regular reporting, internal or external audit.
  • Responsible for ensuring any systems used to support the TPSA program remain operational; monitoring of performance, remain patched and manage upgrades.
  • Deliver regular reporting to demonstrate the effectiveness of the TPSA team.
  • Maintain accurate records of all TPSA activity which can stand up to scrutiny by internal & external auditors as well as divisional stakeholders.
  • Build and maintain relationships with key stakeholders across the group.


  • Building Support - We establish close relationships with our stakeholders, underpinned by trust, integrity and respect. We are able to build awareness, understanding and positive momentum behind the Group technology strategy, often without being in a position to assert authority.
  • Objective - We are impartial and unbiased, ensuring equal treatment for all and that decisions taken are based on objective criteria.
  • Collaboration - We work effectively and in partnership with our stakeholders on shared goals that align towards the achievement of the Group technology strategy. We foster a collaborative environment and assume the role of leader when required.
  • Adaptable - We understand and appreciate different and opposing perspectives on an issue and are able to adapt our approach in order to achieve a successful outcome.
  •  Strategic Thinking - We think about the big picture and use that perspective to support our Divisions to achieve competitive advantage through greater agility, faster time to market and a better customer experience.
  • Strategic Communication - We are proactive and considered in our approach to stakeholder communications. We actively listen, provide constructive feedback and help others to consider new perspectives.

Key Requirements/Experience:

  • An information security governance, risk & compliance professional with a deep understanding of third-party cyber security risk.
  • Experience of dealing with supplier contracts, security controls, industry standard security processes (ISO27001) and technologies, and personal data regulations (e.g. GDPR). 
  • Experience performing risk assessments of the supply chain and articulating the risk to ensure processes and technologies are adapted to manage the risk to an acceptable level.
  • Demonstrable knowledge of the risk management lifecycle.
  • Inquisitive, disciplined and logical thinker who possesses strong investigative and analytical qualities that will translate into providing independent and objective analysis of cyber security Risk based on complex data sets.
  • Excellent verbal and written communications skills with a flexible attitude and the ability to meet deadlines under pressure.
  • Able to adapt communication style and to appreciate different and opposing perspectives across multiple divisions.
  • Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance.
  • A working knowledge of current IT Security standards such as ISO 27001, PCI, NIST, ISF, UKGC and Data Protection.  
  • CRISC, CISA, CISSP, ISO 27001, COBIT, or ITIL certification is desirable.
  • Good level of spoken and written English (B2) (fluency in English is a must) 


What you can expect:

  • 25 days of annual leave;
  • Sharesave scheme;
  • „Flexible Benefits” of your choice;
  • Private health insurance (includes dental insurance and health assessments);
  • Free parking;
  • Thousands of courses online through ‘Udemy'

Ways of working:

Flexible working is our way of working! We're a diverse workforce and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them;

We thank all applicants for their interest, however only the suitable candidates will be contacted for an interview.

By submitting your application online, you agree that: your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record.If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective role within the company.

Close map
Cluj - Napoca
Blvd. 21 Decembrie 1989, no. 77, The Office building, Betfair Romania Development, Entrance A, 4th Floor, Cluj, Romania, 400124


We are the largest technology and shared services hub of Flutter Entertainment Plc, an FTSE 100 company, with over 1,000 people powering the world’s leading brands in sports betting, gaming and entertainment.

Over 18 million customers worldwide enjoy the exciting, immersive and safe experiences delivered by our teams in Cluj-Napoca operating a unique portfolio of diverse proprietary brands such as Betfair, PokerStars, Paddy Power, FanDuel or SportsBet.


We’re home to the talented and the brave. If you’re tired of business as usual and want to create something new, you’ll love it here.

Just like our brands are leaders at global scale, that is the standard we hold up to when it comes to the opportunities we offer to our people, ensuring they have everything they need to succeed.

At Betfair Romania Development, one thing is for sure: you will experience different. Quick-thinking, adaptable and disruptive, we believe the future is what you make it.