Find a job

Cyber Security Third Party Supplier Assurance Senior Manager - 3719


Cyber Security Third Party Supplier Assurance Senior Manager

  • Primary Location:
    Clonskeagh Office, Cluj - Napoca, Hammersmith Office, Leeds
  • Contract Type:
  • Employment Basis:

Flexible Working

(when applicable)

Shares Plan

Careers Progression

Global Mobility

Ongoing Learning

Pension Scheme

Health Insurance

Pizza and Drinks Fridays

Share this page
Share with linkedin
Share with facebook
Share with twitter
Share with email


Role purpose:

The Flutter group relies on third-party suppliers to help facilitate the delivery of products and services to our customers; however, these relationships come with risk.  The Cyber Security TPSA Senior Manager will build and empower their team to ensure that we maintain a safe and healthy relationship with suppliers via third-party risk management processes.



  • The Cyber Security TPSA Senior Manager is a leader in the cyber, risk and internal controls space who will drive the rollout of the Flutter Cyber Security Third Party Supplier Assurance program across the group.
  • Responsible for defining and embedding the operating model of the Cyber Security Third Party Assurance program which will include processes for new supplier security risk assessment, existing supplier security risk assessment and termination activities as well as defining appropriate regular governance checks. Appropriate tooling and automation should be chosen to drive accuracy and efficiencies across the TPSA lifecycle.
  • An established expert in cyber security risk posed by third parties working across the group, the senior manager will ensure the risks relevant to the Flutter group are identified in line with the overall Flutter risk appetite.
  • The senior manager will work with the divisions to define the approach to the management of third-party risk using established risk management processes both at group and divisional level.
  • In collaboration with the Cyber Security Senior Manager – Technical Operational Compliance, ensure that technical assessment processes and remediation tracking for control deficiencies uncovered are driving continuous improvements.
  • Ensure that the processes and tooling that support the third-party supplier assurance function are continually assessed and evolved to match the needs of a changing environment.
  • Accountable for ensuring a complete up to date list of suppliers is maintained for the group including business relationship owners and the risk category.
  • Work with the procurement and legal teams to ensure the security contract clauses reflect the group requirements for security.
  • Define the high-level requirements for regular governance activities to ensure third parties are being managed appropriately, e.g. access management.
  • Work with the business relationship owner to ensure security is a top priority and to build safe and healthy relationships with third party suppliers.
  • Ensure data required for other risk reporting functions, e.g. Flutter KRI regular reporting, internal or external audit is accurately delivered on time.
  • Accountable for metrics and related key performance indicators (KPIs) for the Cyber Security Third Party Assurance program which will demonstrate the effectiveness of the program.
  • Proactively manages the development of the team members to ensure a highly productive, dynamic and proficient team.
  • Foster a team culture of integrity and respect with a global outlook.
  • Participate in governance and oversight forums/committees as required.
  • Build and maintain relationships with key stakeholders across the group.



Key Requirements/Experience:

  • An experienced information security governance, risk & compliance professional with a deep understanding of third-party cyber security risk.
  • Experience of supplier contract negotiations, security controls, industry standard security processes (ISO27001) and technologies, and personal data regulations (e.g. GDPR). 
  • Experience performing risk assessments of the supply chain and articulating the risk to ensure processes and technologies are adapted to manage the risk to an acceptable level.  
  • Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance.
  • A working knowledge of current IT Security standards such as ISO 27001, PCI, NIST, ISF, UKGC and Data Protection.  
  • CRISC, CISA, CISSP, ISO 27001, COBIT, or ITIL certification is desirable.
  • Inquisitive, disciplined and logical thinker who possesses strong investigative and analytical qualities that will translate into providing independent and objective analysis of cyber security Risk based on complex data sets.
  • Excellent verbal and written communications skills with a flexible attitude and the ability to meet deadlines under pressure.
  • Able to adapt communication style and to appreciate different and opposing perspectives across multiple divisions.
  • Good level of spoken and written English (B2) (fluency in English is a must).


Close map
Winslow Road, Wandsworth, London, Greater London, United Kingdom, SW11 1TN

This is who we are

Paddy Power Betfair is an international sports betting and gaming operator, with a market-leading presence in the UK and Ireland, as well as a range of operations across Europe including Romania, Portugal and Malta.

We are online-led, mobile-led and sports-led: and our proprietary technology, unique products and innovative marketing all combine to offer a superb experience to our five million customers worldwide.

Our spirit, talent and ambition has taken us into the FTSE 100 index of the London Stock Exchange and we now employ over 7,000 people in sixteen locations across the globe; from Dublin to Los Angeles, and London to Melbourne. Our culture rewards innovation, teamwork and we like to stay fast-moving in a dynamic industry.

On a larger scale

We are part of Flutter Entertainment, a global sports betting, gaming and entertainment provider for over thirteen million customers worldwide.

Established in 2019, Flutter merged with The Stars Group in 2020. As the parent company Flutter Entertainment now has a host of brands that sit under it including Paddy Power and Betfair (PPB), Sky Betting and Gaming, PokerStars, Full Tilt Timeform, oddchecker, Sporting Life, SportsBet, Bet Easy in Australia, FOX Bet, TVG and FanDuel in the US.

Across the globe, Flutter employs over 14,000 people across more than 40 offices and over 600 retail sites. We pride ourselves on being a responsible operator, committed to making a positive contribution to the communities we operate within.

This is your Challenge

  • Delivering product at scale for over 5 million customers, 99,9% of transactions in less than a second
  • Our systems process more than 7 million transactions every day (more than all the European stock exchanges combined)
  • Deliver high transitional products, serving more than 2.5Bn calls a day
  • Diverse and up to date technical landscape to explore, leverage and innovate
  • The products you’ll develop will comply with ambitious uptime targets: less than 50 minutes downtime expected per year
  • Continuous Integration, Deployment and Testing