ARRISE sets the benchmark for service delivery and excellence in the iGaming industry. Playing a key role in the success of its clients, which include Pragmatic Play, a brand relied upon by the world’s biggest online casinos for its cutting-edge products, ARRISE helps to deliver exceptional gaming experiences to millions of players worldwide.
Our global team of over 9,000 talented and driven professionals are shaping the future of iGaming. Headquartered in Gibraltar, we have offices spanning Canada, India, the Isle of Man, Latvia, Malta, Romania, Serbia, Bulgaria, and the UAE, and more exciting destinations on the horizon.
At ARRISE, we take pride in creating growth opportunities at all levels, constantly investing in our people while welcoming new colleagues and forging strategic partnerships that open new opportunities for success. To achieve this, we bet on ourselves. We know that success is a collective effort, and our team is driven by ambition, collaboration, and a shared commitment to grow and succeed—while embracing every step of the journey.
Be part of the future of iGaming with 10,000 ARRISERS! See a job that excites you? Apply now, and our friendly recruitment team will connect with you soon. Your journey starts here!
About the Role
We are seeking an experienced IT Compliance Specialist to lead and manage our compliance programs across ISO 27001 and SOC 2, ensuring our gaming platform and related services meet the highest standards of security, privacy, and regulatory compliance. The role will serve as the primary liaison for both external and internal auditors for ISO 27001 certification and SOC 2 attestation, with a focus on addressing scope changes, corporate structure changes, and responding to client security questionnaires.
Key Responsibilities
Compliance Management
Lead and maintain the company’s ISO 27001 Information Security Management System (ISMS) and SOC 2 Trust Services Criteria certification programs.
Serve as the primary point of contact for engaging with external and internal auditors, facilitating ISO 27001 certification and SOC 2 attestation processes.
Own compliance audits: plan, coordinate with auditors, collect evidence, and provide comprehensive audit responses.
Manage risk assessments, control testing, and remediation activities to ensure ongoing compliance.
Policy & Process Governance
Develop, maintain, and enforce IT security and compliance policies, procedures, and standards.
Ensure documentation aligns with ISO 27001 Annex A controls, SOC 2 requirements, and addresses evolving compliance needs due to scope or structural changes.
Respond to client security questionnaires with accurate and detailed information to demonstrate compliance.
Control Implementation & Monitoring
Oversee access control, change management, incident management, and third-party/vendor risk management within the scope of ISO 27001 and SOC 2.
Ensure compliance across environments supporting software development, hosting platforms, and APIs.
Monitor the effectiveness of security controls and recommend improvements to mitigate emerging risks.
Audit & Assurance
Act as the central liaison for external auditors, regulators, and certification bodies, ensuring clear communication and issue resolution.
Conduct internal compliance audits, gap assessments, and readiness reviews to maintain certification readiness.
Track and close compliance findings and audit issues, ensuring timely resolution and documentation.
Provide expert guidance on compliance implications of ISO 27001 scope changes and corporate structure changes.
Training & Awareness
Build awareness of compliance requirements across development, operations, and support teams.
Deliver targeted training on compliance obligations, including secure software development, data handling, and gaming industry standards.
Vendor & Third-Party Risk Management
Assess compliance of key vendors, including cloud hosting providers, content partners (e.g., Pragmatic Play), and integration providers.
Ensure contractual and SLA alignment with ISO 27001 and SOC 2 requirements.
Reporting
Provide regular compliance updates, risk posture reports, and responses to client inquiries to senior management and stakeholders.
Support management with compliance performance metrics and KPIs.
Qualifications & Experience
Bachelor's degree in Information Security, Computer Science, Risk Management, or a related field.
5+ years’ experience in IT compliance, GRC, risk management, or information security, ideally in gaming, fintech, or other regulated industries.
Strong understanding of:
ISO 27001:2022 Information Security Management System (ISMS)