Job Title: GRC Security Analyst
Reports to: GRC Lead & DPO
About Us
Welcome to Pinnacle, the ultimate destination for sports enthusiasts seeking an exhilarating sportsbook and gaming experience! Established in 1998, we have solidified our position as one of the globe's foremost licensed online gaming companies. With our cutting-edge offerings, we guarantee an electrifying experience that will keep you on the edge of your seat.
Pinnacle invites you to join our team and become an instrumental figure in the exciting realm of sports betting. Our vibrant team is fueled by passion and driven by innovation, working together to redefine the landscape of sports betting and gaming. Together, we constantly strive to surpass limitations and deliver unparalleled experiences to sports enthusiasts worldwide. Prepare yourself for a thrilling journey and discover sports in an entirely new dimension with Pinnacle!
Role Overview
We are looking for a detail-oriented and knowledgeable GRC Security Analyst to join our Governance, Risk & Compliance team. This role is central to managing regulatory compliance, security governance, and risk management activities across the enterprise. The successful candidate will play a key role in driving and maintaining security and compliance frameworks, managing audit processes, and ensuring data protection and security controls are enforced across Pinnacle’s systems, including cloud, on-prem, and user-facing platforms.
Additionally, the GRC Security Analyst will be responsible for coordinating and facilitating maintenance window activities to support continuous IT infrastructure improvements.
KEY RESPONSIBILITIES
Governance, Risk & Compliance
- Perform ongoing risk assessments and maintain a risk register.
- Conduct internal compliance audits and prepare for external assessments (ISO 27001, PCI DSS, GDPR).
- Develop and enforce security governance frameworks and policies.
- Support user access reviews and IAM compliance enforcement.
- Track remediation of audit findings and compliance gaps.
- Maintain compliance with data protection and privacy standards.
Downtime and Maintenance Coordination
- Schedule and coordinate maintenance window meetings with IT and security stakeholders.
- Ensure all system changes and downtimes are logged, reviewed for impact, and comply with change management policies.
- Document, track, and report on the outcomes of change-related meetings.
- Manage communication within the organization and with external partners.
Collaboration & Support
- Liaise with the Security Engineering and SOC teams to validate control implementation.
- Support training and awareness programs on security governance and user responsibilities.
- Assist in the preparation and delivery of reports for senior management and auditors.
REQUIRED QUALIFICATIONS
Technical Skills & Experience
- 5+ years of experience in security governance, risk, and compliance roles.
- Strong knowledge of ISO 27001, PCI DSS, GDPR, NIST, or similar frameworks.
- Experience coordinating audits, managing compliance tools, and writing policies.
- Familiarity with IAM, access control policies, and endpoint security compliance.
- 3+ years of experience in tracking and managing technical change controls.
- 3+ years of experience with forensic tools (e.g., Wireshark, Volatility, FTK).
- Strong understanding of web security risks and mitigation strategies.
Certifications
- Mandatory:
  - ISO/IEC 27001 Lead Implementer
- Preferred:
  - Certified Information Systems Auditor (CISA)
  - Certified Information Systems Security Professional (CISSP)
  - Certified Risk and Information Systems Control (CRISC)
  - AWS Certified Security – Specialty
  - Microsoft Certified: Information Protection Administrator Associate (SC-400)
Nice-to-Have Skills
- Experience with GRC platforms (e.g., Microsoft Purview).
- Understanding of cloud security compliance in Azure and AWS.
- Strong documentation, project coordination, and reporting skills.
Work Environment & Expectations
- Embedded within the Governance, Risk & Compliance team and collaborating cross-functionally with IT, Security Operations, and Engineering teams.
This role requires candidates to have their core working hours aligned with business operations in either Europe or North America, depending on assignment. Successful candidates must be able to work within these time zones to support regional offices, ensure effective collaboration, and provide timely operational support. Flexibility may be required for occasional meetings or critical incidents outside of core hours.
We are an equal opportunity employer dedicated to fostering an inclusive and diverse workplace. We prioritize hiring the best candidates based on their skills and qualifications, irrespective of race, gender, age, religion, or any other characteristic. Our strength lies in our diverse teams, and we proudly celebrate and empower everyone to embrace and promote diversity throughout their time with us.
Job Type: Full-time