Cybersecurity Risk Analyst

Full-Time · 50000 - 65000 £ / year (est.) · Home office (partial)
Hard Rock Digital

At a Glance

  • Tasks: Join our team to protect cloud gaming infrastructure and customer data using AI-driven risk management.
  • Company: Hard Rock Digital, a leader in online gaming and entertainment.
  • Benefits: Flexible vacation, remote work options, and opportunities for personal growth.
  • Other info: Diverse and inclusive culture that values your unique perspective.
  • Why this job: Be at the forefront of cybersecurity and AI innovation in a dynamic environment.
  • Qualifications: 3-5 years in cybersecurity risk management with strong AI tool experience.

The predicted salary is between 50000 - 65000 £ per year.

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team passionate about learning, operating, and creating innovative products and technologies for millions of consumers. We care about each customer interaction, experience, behaviour, and insight and strive to ensure we always act authentically.

Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, Hard Rock Digital taps into a brand known worldwide as a leader in gaming, entertainment, and hospitality. We’re bringing that legacy into the digital space.

We are seeking an experienced Cybersecurity Risk Analyst to join the Security Risk Management (SRM) team at a leading US online gaming platform. Reporting to the Director of SRM, this role is critical in protecting our cloud-based gaming infrastructure, customer data, and financial systems while ensuring compliance with gaming regulations and industry standards.

This role goes beyond traditional GRC. Our SRM team operates an AI-augmented Integrated Management System (IMS) built on ISO 27001 PDCA principles, where agentic AI tooling and its ecosystem of security skills are core to daily workflow. The ideal candidate brings strong risk management fundamentals and the ability to leverage AI tools to accelerate risk assessment, compliance evidence gathering, policy development, and executive reporting. We need someone who can hit the ground running with our AI-driven approach and actively identify new ways to apply AI across all SRM use cases.

This role is crucial for proactively managing technology risks and maintaining a strong security posture in an evolving threat landscape. The ideal candidate combines strong technical knowledge with business acumen and AI fluency to effectively communicate and manage risks across all organizational levels.

What You'll Do

  • Risk Assessment and Management
    • Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations.
    • Develop and maintain risk registers, threat models, vulnerability and threat management programs, and risk treatment plans across eight enterprise risk categories.
    • Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005, ISO 31000, NIST RMF).
    • Evaluate third-party vendor security risks and assess supply chain vulnerabilities using structured TPRM frameworks.
    • Leverage AI tools to accelerate risk identification, analysis, and reporting workflows.
  • Risk Mitigation and Control Implementation
    • Develop and recommend risk mitigation strategies and security controls.
    • Collaborate with technical teams to implement security measures and monitor their effectiveness.
    • Track remediation efforts and verify risk reduction activities via GRC platform integrations.
    • Create and maintain risk metrics and key risk indicators (KRIs).
  • Compliance and Governance
    • Ensure alignment with regulatory and industry requirements including state-specific gaming regulations (GLI-19, GLI-33, GLI-GSF), ISO 27001, ISO 42001, PCI DSS v4.0, SOC 2, NIST CSF, and GDPR.
    • Support internal and external audits by gathering evidence, preparing documentation, and coordinating audit activities.
    • Maintain security policies, procedures, and risk management frameworks within the IMS.
    • Contribute to AI governance activities including AI service registry maintenance, Shadow AI detection, and ISO 42001 compliance.
    • Assist in developing and updating the organization's cybersecurity and AI governance strategy.
  • AI-Augmented Risk Operations
    • Use agentic AI tools with associated skills and agents as core productivity multipliers for risk analysis, policy drafting, compliance validation, and reporting.
    • Operate within a git-based Integrated Management System, using AI skills for tasks such as ISO evidence gathering, threat modelling, third-party risk assessment, and executive communication.
    • Identify opportunities to extend agentic automation by integrating new MCP servers and APIs into existing AI workflows.
    • Identify and develop new AI-driven approaches to SRM challenges, continuously exploring how AI can improve risk assessment accuracy, audit preparation efficiency, and compliance coverage.
  • Reporting and Communication
    • Prepare risk reports and dashboards for management, audit committees, and gaming regulators.
    • Present risk findings and recommendations to technical and non-technical audiences.
    • Document risk assessment methodologies and maintain assessment artifacts.
    • Provide risk-based guidance for security strategy decisions.
  • Incident Response and Business Continuity
    • Participate in security incidents for risk impact assessment and lessons learned.
    • Participate in site reliability incident response activities, particularly post-incident reviews.
    • Support business continuity and disaster recovery planning.
    • Conduct tabletop exercises and risk scenario planning.

What We're Looking For

  • Education
    • Bachelor's degree in Computer Science, Information Security, Technology Risk Management, or related field.
  • Experience
    • 3-5 years of experience in cybersecurity risk management, GRC, or IT audit within the technology industry.
    • Demonstrated experience with risk assessment methodologies and frameworks (ISO 27005, ISO 31000, NIST RMF).
    • Knowledge of security controls and their implementation across cloud environments.
    • Experience with GRC platforms (Vanta experience preferred).
    • Practical experience using AI/LLM tools in a professional security or risk management context.
  • AI and Technology Skills (Critical)
    • Demonstrated proficiency with AI coding assistants and agentic AI tools.
    • Ability to craft effective prompts and work iteratively with AI to produce high-quality risk assessments, policies, and compliance documentation.
    • Comfort working in a git-based workflow.
    • Understanding of AI governance concepts.
    • Familiarity with Model Context Protocol (MCP) or similar frameworks.
  • Technical Skills
    • Understanding of security technology concepts.
    • Familiarity with cloud security across major providers (AWS, Azure, GCP).
    • Knowledge of network protocols and security architectures.
    • Understanding of Zero Trust architecture principles.
    • Basic scripting abilities for automation.
    • Familiarity with REST APIs.
  • Soft Skills
    • Strong analytical and problem-solving abilities.
    • Excellent written and verbal communication skills.
    • Ability to translate technical risks into business impact.
    • Detail-oriented with strong organizational skills.
    • Ability to work independently and manage multiple projects simultaneously.
    • Strong interpersonal skills for stakeholder management.
    • Intellectual curiosity and a growth mindset.
  • Certifications (Preferred)
    • CRISC, CISA, CISSP, ISO 27001 Lead Implementer/Auditor, ISO 42001 familiarity, CompTIA Security+ or CySA+.
  • Additional Preferred Qualifications
    • Experience in online gaming, sports betting, or other regulated industry sectors.
    • Knowledge of gaming-specific compliance frameworks.
    • Experience with specific GRC platforms.
    • Experience building or contributing to AI governance programs.
    • Knowledge of emerging threats and threat intelligence.
    • Experience with DevSecOps and agile methodologies.

What We Offer

  • Flexible vacation allowance.
  • Remote or Hybrid Flexibility.
  • Innovative Environment.
  • Growth Opportunities.
  • Diverse and Inclusive.

We care deeply about every interaction our customers have with us, and trust and empower our staff to own and drive their experience. Our vision for our business and customers is built on fostering a diverse and inclusive work environment where, regardless of background or beliefs, you feel able to be authentic and bring all your talent into play.

Cybersecurity Risk Analyst employer: Hard Rock Digital

At Hard Rock Digital, we pride ourselves on being an exceptional employer that champions innovation and inclusivity. Our flexible work arrangements, whether remote or hybrid, empower employees to thrive while contributing to a dynamic team dedicated to redefining the online gaming experience. With a strong focus on personal and professional growth, we offer unique opportunities to engage with cutting-edge AI technologies in a supportive environment that values diverse perspectives.

Contact Details:

Hard Rock Digital Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Cybersecurity Risk Analyst

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Show off your skills! Create a portfolio or a personal project that highlights your expertise in cybersecurity and AI tools. This will give you something tangible to discuss during interviews and set you apart from the crowd.

Tip Number 3

Prepare for the interview like it’s the big game! Research the company, understand their products, and be ready to discuss how your skills align with their needs. Practice common interview questions and think about how you can demonstrate your problem-solving abilities.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at Hard Rock Digital.

We think you need these skills to ace Cybersecurity Risk Analyst

Cybersecurity Risk Management
Risk Assessment Methodologies
ISO 27001
NIST RMF
AI Tools Proficiency
GRC Platforms Experience
Cloud Security Knowledge

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Cybersecurity Risk Analyst role. Highlight relevant experience and skills that match the job description, especially your knowledge of AI tools and risk management frameworks.

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cybersecurity and how your background makes you a perfect fit for our team. Don’t forget to mention your enthusiasm for AI-driven approaches!

Showcase Your Technical Skills: Be sure to include any technical skills that are relevant to the role, like your experience with GRC platforms or AI coding assistants. We want to see how you can leverage these tools in your work!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands and shows us you’re serious about joining our innovative team!

How to prepare for a job interview at Hard Rock Digital

Know Your AI Tools

Familiarise yourself with the AI tools mentioned in the job description, like agentic AI and coding assistants. Be ready to discuss how you've used these tools in your previous roles, as this will show your practical experience and understanding of their application in cybersecurity risk management.

Understand Risk Assessment Frameworks

Brush up on risk assessment methodologies such as ISO 27005 and NIST RMF. Prepare to explain how you've applied these frameworks in past projects, as demonstrating your knowledge here will be crucial for the role.

Prepare for Technical Questions

Expect technical questions related to cloud security, compliance regulations, and security controls. Review key concepts and be ready to provide examples of how you've tackled similar challenges in your previous positions.

Showcase Your Communication Skills

Since you'll need to translate technical risks into business impact, practice explaining complex concepts in simple terms. Think of examples where you've successfully communicated risk findings to non-technical stakeholders, as this will highlight your ability to bridge the gap between tech and business.