Senior GRC Specialist

The Mill Adventure View all jobs

  • Saint Julian's, Malta Island
  • Permanent
  • Full-time
  • 3 days ago
  • Apply easily
The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology driven organisation and creating a team consisting of the best of the best specialists in their respective fields.Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 130+ technology and iGaming experts is guided by passion for invention, operational excellence and commitment to improve the inefficient.We trust and value our team and we strive to accommodate the right working conditions for each individual, in remote, office based or mixed models. We see the strength in being different and embrace the cultural diversity existing in our group.As our business continues to grow, we are looking for a highly autonomous and experienced Senior / Lead GRC Specialist. In this role, you will not just maintain our GRC function—you will own it. Working closely with our CISO and security engineering team, you will be responsible for defining the road ahead: identifying our gaps, selecting the right frameworks, and taking full responsibility for our governance, risk, and compliance posture. We need a mature professional who knows how to listen to engineering teams, build pragmatic policies, and drive security without being a roadblock.What You Will Do:
  • Establish the GRC Roadmap: Assess our current environment, identify gaps, and design a clear, actionable GRC roadmap aligned with our business goals. You tell us what we are missing and how to fix it.
  • Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner actively with product and engineering teams during the design phases to find secure paths to "yes," ensuring our governance supports business velocity rather than slowing it down.
  • Lead Framework Implementation: Take full responsibility for managing and maturing our ISO 27001:2022 certification. Drive compliance initiatives for PCI DSS and prepare our posture for NIS2 requirements.
  • Drive Risk Management: Autonomously select and implement the most appropriate risk management frameworks. Own the risk register, lead risk assessments, and translate complex technical risks into clear business impacts and mitigation strategies.
  • Design Business-Aligned Governance: Design, write, and enforce information security policies and standards. Actively solicit feedback from engineering and business teams to ensure policies are practical and business-enabling.
  • Champion Security Culture: Own and evolve our security awareness program. Move us beyond boring, "check-the-box" compliance videos by creating engaging, context-aware training that actually resonates with engineers, product teams, and business operations.
  • Lead Audits & Compliance: Take the helm on all internal and external security-focused audits, assessments, and reviews. Act as the definitive subject matter expert for regulatory inquiries.
RequirementsYou'll be a great fit if you have:
  • 5–8+ years of dedicated experience in Cyber GRC, Information Security, or Technology Risk.
  • Framework Expertise: Demonstrated, hands-on experience implementing and managing ISO 27001:2022 (mandatory). Deep knowledge of PCI DSS and familiarity with NIS2 is highly desirable.
  • iGaming Experience is a Strong Plus: A deep understanding of the technology-led, highly regulated iGaming environment is highly desirable. (If you don't have this, proven experience in similarly complex, fast-paced, and regulated sectors like fintech, SaaS, or payments is a great substitute).
  • An "Enabler" Mindset: The commercial awareness to understand that security exists to protect the business, not to halt it. You excel at finding pragmatic, secure workarounds rather than just throwing up red tape.
  • Strategic & Autonomous Execution: You don't need a checklist; you create the checklist. You have a track record of building or significantly maturing GRC functions from the ground up.
  • Mature Judgment: You possess the emotional intelligence to work alongside highly technical teams. You leave your ego at the door, listen to feedback, and focus on collaborative problem-solving.
  • Exceptional Communication: Strong analytical, risk assessment, and documentation skills, with the ability to articulate complex security concepts to both engineers and executive leadership.
  • Alignment with our Values: High integrity, ownership, transparency, and a continuous drive for performance and improvement.
Benefits
  • A lean, focused company, offering a flexible working environment
  • The opportunity to work with and learn form a highly skilled, talented team
  • A great company culture, where accountability is innate, transparency is key and competency is virtue
  • Being part of a small, tight knit, caring community
  • Work equipment of your choice
  • Private health insurance
  • Learning budget
  • Fitness benefit
  • Parking/transport or co-working allowance
  • Company wide and team based get togethers

The Mill Adventure