Security Risk Analyst

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.

Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, the new Hard Rock Digital taps a brand known the world over as the leader in gaming, entertainment, and hospitality. We’re taking that foundation of success and bringing it to the digital space — ready to join us?

What’s the position?

We are seeking experienced Cybersecurity Risk Analysts to join our security team at a leading US online gaming platform. This role is critical in protecting our cloud-based gaming infrastructure, customer data, and financial systems while ensuring compliance with gaming regulations and industry standards. The analyst role involves conducting risk assessments, developing risk management and mitigation strategies, supporting audit activities, and ensuring compliance with security policies and compliance requirements.

This role is crucial for our organization to proactively manage technology risks and maintain a strong security posture in an evolving threat landscape. The ideal candidate combines strong technical knowledge with business acumen to effectively communicate and manage risks across all organizational levels.

Key Responsibilities

Risk Assessment and Management

Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations.

Develop and maintain risk registers, threat models, vulnerability and threat management programs, and maintain risk treatment plans.

Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005).

Evaluate third-party vendor security risks and assess supply chain vulnerabilities.

Risk Mitigation and Control Implementation

Develop and recommend risk mitigation strategies and security controls

Collaborate with technical teams to implement security measures and monitor their effectiveness

Track remediation efforts and verify risk reduction activities

Create and maintain risk metrics and key risk indicators (KRIs)

Compliance and Governance

Ensure alignment with both internal, regulatory, and industry requirements (state-specific gaming and privacy regulations, ISO27001, PCI-DSS, financial audits, etc.)

Support internal and external audits by providing risk documentation and evidence

Maintain security policies, procedures, and risk management frameworks

Assist in developing and updating the organization's cybersecurity strategy

Reporting and Communication

Prepare risk reports and dashboards for management and stakeholders

Present risk findings and recommendations to technical and non-technical audiences

Document risk assessment methodologies and maintain assessment artifacts

Provide risk-based guidance for security strategy decisions

Incident Response and Business Continuity

Participate in site reliability incident response activities, in particular post-incident reviews

Similarly participate in security incidents for risk impact and lessons learned

Support business continuity and disaster recovery planning

Conduct tabletop exercises and risk scenario planning

What are we looking for?

Education

Bachelor's degree in Computer Science, Information Security, Technology Risk Management, or related field

Relevant certifications can substitute for formal education requirements

Experience

3-5 years of experience in cybersecurity, risk management, or IT audit within the tech industry

Demonstrated experience with risk assessment methodologies and frameworks

Knowledge of security controls and their implementation

Experience with GRC tools

Technical Skills

Understanding of security technology concepts (firewalls, IDS/IPS, SIEM, vulnerability discovery, CI/CP pipelines)

Familiarity with cloud security (AWS, Azure, GCP)

Knowledge of network protocols and security architectures

Basic scripting abilities for automation

Certifications (Preferred)

CRISC (Certified in Risk and Information Systems Control)

CISA (Certified Information Systems Auditor)

CISSP (Certified Information Systems Security Professional)

CompTIA Security+ or CySA+

Soft Skills

Strong analytical and problem-solving abilities

Excellent written and verbal communication skills

Ability to translate technical risks into business impact

Detail-oriented with strong organizational skills

Ability to work independently and manage multiple projects

Additional Preferred Qualifications

Experience with specific GRC platforms (Vanta, OneTrust)

Knowledge of emerging threats and threat intelligence

Experience in cloud based technology organizations

Understanding of DevSecOps and agile methodologies

Experience in regulated industry sectors

What’s in it for you?

We offer our employees more than just competitive compensation. Our team benefits include:

Competitive pay and benefits

Flexible work from home or office hours

Startup culture backed by a secure, global brand

Opportunity help shape the future strategy of the Casino Product

Roster of Uniques

We care deeply about every interaction our customers have with us, and trust and empower our staff to own and drive their experience. Our vision for our business and customers is built on fostering a diverse and inclusive work environment where regardless of background or beliefs you feel able to be authentic and bring all your talent into play. We want to celebrate you being you (we are an equal opportunities employer)