Full-Time Head of Access Governance

• Lead and evolve user access governance across Corporate, Venues, and Interactive services, ensuring alignment with the principle of least privilege and the business’s risk appetite.
• Ensure compliance with audit requirements, including Financial Reporting, Gambling Commission, and PCI-DSS, by maintaining demonstrable access controls and documentation.
• Drive cost efficiency by managing ITSM-owned systems (e.g., Atlassian stack, Slack), ensuring unused licences are promptly removed.
• Assess and mitigate access risks, developing tactical plans to address vulnerabilities that exceed acceptable thresholds or regulatory standards.
• Manage and develop the newly formed 3-person User Access Management team, ensuring timely and compliant access revocation (e.g., leaver access removed within 24 working hours).
• Oversee the Service Governance team, responsible for managing access to 50+ services within Rank Interactive.
• Mentor and train teams on access management principles, including the Principle of Least Privilege and regulatory best practices.
• Collaborate with technology teams to implement automation in starter, mover, and leaver processes, reducing manual workload and improving accuracy.
• Work with business stakeholders to assess system usage (e.g., COGs/CAT, Dynamics) and implement Role-Based Access Control (RBAC) where appropriate.
• Maintain a comprehensive catalogue of production systems, associated roles, and conduct periodic internal audits of user access.

• Proven experience in a similar role, with a strong focus on assessing system risk across diverse gaming services and business operations.
• Successful design and implementation of Role-Based Access Control (RBAC) systems that uphold the principle of least privilege.
• Extensive knowledge of gaming operations, covering the full customer lifecycle and both internal and external platforms.
• Demonstrated success in working with internal and external auditors to showcase compliance with audit and regulatory standards.
• Strong collaboration skills, with experience partnering with risk, audit, compliance, and business teams to refine processes and meet regulatory obligations.
• Broad exposure to project management, operations, change management, and IT service management disciplines.
• Hands-on experience administering complex customer-facing systems in the gaming industry, with a clear understanding of the operational risks tied to mismanaged service configurations.
• Solid understanding of ISO 27001 and PCI-DSS frameworks, with the agility to adapt governance practices to a fast-paced, high-change environment.

What is the last date for applying to the job?

Which countries are accepted for this remote job?