Senior Governance, Risk & Compliance; GRC Analyst

Reports To: IT Compliance and Information Security - Team Lead & DPO

Welcome to Pinnacle, the ultimate destination for sports enthusiasts seeking an exhilarating sports book and gaming experience! Established in 1998, we have solidified our position as one of the globe's foremost licensed online gaming companies. With our cutting-edge offerings, we guarantee an electrifying experience that will keep you on the edge of your seat.

Pinnacle invites you to join our team and become an instrumental figure in the exciting realm of sports betting. Our vibrant team is fueled by passion and driven by innovation, working together to redefine the landscape of sports betting and gaming. Together, we constantly strive to surpass limitations and deliver unparalleled experiences to sports enthusiasts worldwide. Prepare yourself for a thrilling journey and discover sports in an entirely new dimension with Pinnacle!

We are looking for a detail-oriented and knowledgeable GRC Security Analyst to join our Governance, Risk & Compliance team. This role is central to managing regulatory compliance, security governance, and risk management activities across the enterprise. The successful candidate will play a key role in driving and maintaining security and compliance frameworks, managing audit processes, and ensuring data protection and security controls are enforced across Pinnacle’s systems, including cloud, on-prem, and user-facing platforms.

• Perform ongoing risk assessments and maintain a risk register.
• Conduct internal compliance audits and prepare for external assessments (ISO 27001, PCI DSS, GDPR).
• Implement and manage Microsoft Purview policies
• Develop and enforce security governance frameworks and policies.
• Support user access reviews and IAM compliance enforcement.
• Track remediation of audit findings and compliance gaps.
• Maintain compliance with data protection and privacy standards.
• Liaise with the Security Engineering and SOC teams to validate control implementation.
• Liaise with other teams such as Customer Service, Legal, Development, End-User Support, Systems Engineering, Database Administrators, Executives, etc.
• Support training and awareness programs on security governance and user responsibilities.
• Assist in the preparation and delivery of reports for senior management and auditors.

• 5+ years of experience in security governance, risk, and compliance roles.
• Strong knowledge of ISO 27001, PCI DSS, GDPR, NIST, or similar frameworks.
• Experience coordinating audits, managing compliance tools, and writing policies.
• Familiarity with IAM, access control policies, and endpoint security compliance.
• 3 + years of Experience in tracking and managing technical change controls.
• 3+ years of experience with forensic tools (e.g., Wireshark, Volatility, FTK).
• 1+ year of experience in implementing and managing Microsoft Purview
• Strong Understanding of web security risks and mitigation strategies.

Mandatory:

• Microsoft Certified:
  Information Security Administrator Associate (SC-401).

Preferred:

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Certified Risk and Information Systems Control (CRISC)
• AWS Certified Security – Specialty

• Microsoft Certified:
  Information Protection Administrator Associate (SC-400)
• Understanding of cloud security compliance in Azure and AWS.
• Strong documentation, project coordination, and reporting skills.

• Embedded within the Governance, Risk & Compliance team and collaborating cross-functionally with IT, Security Operations, and Engineering teams.

We are an equal opportunity employer dedicated to fostering an inclusive and diverse workplace. We prioritize hiring the best candidates based on their skills and qualifications, irrespective of race, gender, age, religion, or any other characteristic. Our strength lies in our diverse teams, and we proudly celebrate and empower everyone to embrace and promote diversity throughout their time with us.