Head of Cyber & Information Security

Job Details

permanent
Watford, Eastern, United Kingdom
Allwyn
16.03.2024


Full Job Description

Description

Join our journey to create a new experience for the National Lottery and help us to power change for the greater good.

About us:

We are Allwyn UK, part of the Allwyn Entertainment Group – a multi-national lottery operator with a market-leading presence in Austria, the Czech Republic, Greece, Cyprus and Italy.  We have been officially awarded the Fourth Licence (10 year licence) to operate the National Lottery starting February 2024.

We’ve developed ground-breaking technologies, built player protection frameworks, and have a proven track record of making lotteries better. Our aim is to create one of the UK’s most inclusive organisations – where people can bring the best of themselves, to do their best work, every day, for the benefit of good causes.

Allwyn is an Equal Opportunity Employer which prides itself in being diverse and inclusive. We do not tolerate discrimination, harassment, or victimisation in the workplace.  All employment decisions at Allwyn are based on the business needs, the job requirements, and the individual qualifications.  Allwyn encourages applications from individuals regardless of age, disability (visible or hidden), sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

While the main contribution of the National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do.  Join us as we embark on a once-in-a-lifetime, large-scale transformation journey to build a bigger, better, and safer National Lottery that delivers more money to good causes.

Purpose of Role:

The Head of Cyber & Information Security forms part of the senior leadership team within the Security function of Allwyn UK, reporting directly to the Chief Security Officer (CSO).

You will play a pivotal role in safeguarding the National Lottery and protecting Allwyn’s digital assets from attack.

You will act as a trusted advisor to the CSO and C-Suite stakeholders across Allwyn UK and work with them to ensure that Allwyn is secure and compliant with the policies, standards and regulations set out in the Security Operating Model.

This is a highly operational and highly visible leadership role, as you will take overall charge of Allwyn UK’s Cyber Defence and Security Operations teams. You will also have overall responsibility for Security Governance, Risk & Compliance and lead the Business Continuity and Crisis Management teams, working across the whole of the business to ensure we are resilient and prepared should business interruption occur.

Your ultimate goal is to form part of a leadership team that proactively defends Allwyn and the National Lottery from attack, making us a hard target and protecting our business operations, ensuring we meet our strategic organizational objectives. You will, however, also be responsible for building a first-class team that knows exactly what to do if we are attacked and is well drilled in responding and returning the business to BAU as swiftly as possible.

Team Description:

The Security team’s collective mission is to preserve the integrity of the National Lottery, secure sensitive or personal data processed by Allwyn or its partners and protect the premises and people that work across Allwyn UK. We work in a heavily regulated environment and must secure one of the most visited websites in the UK, a very large retail channel and numerous back-office systems spread across both on premise datacenters and the Cloud.

The Security function is comprised of 3 Team Groups (and 10 sub teams):

Enterprise Security

  • Security Architecture
  • Security Design Engineering
  • Security Consultancy
  • Security Testing

Cyber & Information Security

  • Governance, Risk & Compliance
  • Cyber Defence
  • Security Operations

Protective Security

  • Physical Security
  • Investigations
  • Intelligence

The Cyber & Information Security team form a key pillar in our security operating model – you will be responsible for leading the activities of the Cyber and Information security team, and you will be expected to get deeply involved in ensuring our key suppliers operate to the same high security standards we demand of ourselves.

Key Accountabilities or Duties:

  • Manage, develop & lead the Cyber & Information Security teams
  • Be a member of the Security SLT and actively contribute to all aspects of enabling and protecting a successful National Lottery Operation
  • Identify, measure, control and report on security risks within information systems
  • Accountable for the creation and upkeep of our documented security standards, policies and processes
  • Manage the budget of the Cyber & Information Security Cost Centre
  • Co-create the security strategy to protect Allwyn and the national lottery
  • Manage operational teams that protect, defend and respond to threats against Allwyn or the National Lottery
  • Anticipate, influence and assist the organization to assess and rapidly adjust to changing threat conditions and trends both internally and externally
  • Establish and maintain relationships with industry peers, other Allwyn Group operating companies and external security organisations, working with Specialist consultants where appropriate
  • Implement KPIs and metrics to measure our security performance and assess and track our exposure to risk
  • Accountable for continuous improvement / maturity of our Cyber Defence team and ensuring our capabilities are operating at optimal levels to both identify threats and maintain effectiveness of the SOC
  • Overall accountability for leadership of the 24/7 SOC and the efficient response to cyber attacks
  • Overall Accountability for Business Continuity and Crisis Management across Allwyn UK
  • Overall Accountability for ensuring Allwyn maintains or achieves certification to ISO22301/2700/27701/27002/PCI DSS/ WLA SCS2020 / NCSC CAF
  • As part of the senior nature of this role, you’ll be required to be available outside of normal office hours. This aspect of your role is fundamental to ensuring Allwyn’s business continuity in the event of system failures or other such emergencies.

Skills & Experience:

This role is a vitally important one for Allwyn. The successful individual will be one of the most important Information Security professionals across the global organisation and will advise the most senior of Allwyn employees on Security Operations. As well as having the experience and influence to operate in this manner, you will have:

  • At least five years’ experience gained in a technically focussed security role
  • Demonstrable experience of successful delivery in a technically focussed role
  • Ability to articulate complex technical or sensitive issues to a wide audience is essential
  • Experience of managing internet threats and risk mitigation
  • Strong understanding of external and internal threat landscapes
  • Broad experience of a wide range of security technologies and products
  • Understanding of information security governance principles
  • Ability to demonstrate an understanding of common security management principles (eg PCI-DSS)
  • Bring the skills, experience and ability to adapt to be able to deliver any desired solution potentially using a wide variety of technologies that will help reduce security related risks to Allwyn UK
  • Excellent communication skills
  • Excellent judgement
  • Line management experience
  • Experienced in deploying security technology in a cloud environment.
  • Cyber security incident management experience

Desirable:

  • Experience of working with AWS and Azure
  • Working in a regulated environment

Here is our list of benefits:

  • 34 days paid leave (This includes bank holidays)
  • 2 x Life Days
  • 4 x Salary of Life Insurance
  • Pension: We’ll contribute 8.5%
  • BUPA
  • £500 wellness allowance
  • Income Protection

As part of our onboarding processes, all successful candidates will need to complete both a Pre-Employment Screening process and a Fit & Proper check by the Gambling Commission. These checks include a DBS (an enhanced check, which shows convictions and conditional cautions), credit and social media checks. As part of our application process, you will be asked to identify in advance if you have spent or unspent convictions that we need to be aware of.

Should you not disclose convictions at the application stage, not pass the Fit & Proper Check process or not complete your Pre-Employment Screening then unfortunately you may not pass our probation process.

All data will be handled in accordance with our data policies and treated with utmost confidentiality.
