Cybersecurity Risk Analyst

• What we’re building

• Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team passionate about learning, operating, and creating innovative products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we always act authentically.
• * Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, Hard Rock Digital taps into a brand known worldwide as a leader in gaming, entertainment, and hospitality. We’re bringing that legacy into the digital space - ready to join us?
• About the Role
• We are seeking an experienced Cybersecurity Risk Analyst to join the Security Risk Management (SRM) team at a leading US online gaming platform. Reporting to the Director of SRM, this role is critical in protecting our cloud-based gaming infrastructure, customer data, and financial systems while ensuring compliance with gaming regulations and industry standards.

This role goes beyond traditional GRC. Our SRM team operates an AI-augmented Integrated Management System (IMS) built on ISO 27001 PDCA principles, where agentic AI tooling and its ecosystem of security skills are core to daily workflow. The ideal candidate brings strong risk management fundamentals and the ability to leverage AI tools to accelerate risk assessment, compliance evidence gathering, policy development, and executive reporting. We need someone who can hit the ground running with our AI-driven approach and actively identify new ways to apply AI across all SRM use cases. This role is crucial for proactively managing technology risks and maintaining a strong security posture in an evolving threat landscape. The ideal candidate combines strong technical knowledge with business acumen and AI fluency to effectively communicate and manage risks across all organizational levels.

• What Sets This Role Apart
• This is not a traditional GRC analyst position. You will work in an environment where:
• AI is core tooling. AI agents and our ecosystem of 50+ security-specific skills are how we draft policies, gather audit evidence, validate compliance, assess vendors, and produce executive reports

Live data powers AI workflows. MCP servers connect our AI agents directly to GRC, security monitoring and defence, communications, and threat intelligence tools, enabling real-time compliance queries and automated evidence collection rather than manual data gathering Our documentation lives in code. Our Integrated Management System is a git repository structured around ISO 27001 PDCA, not a collection of Word documents in SharePoint You will shape how AI is used. Beyond using AI tools, you will help define AI governance for the organization and continuously improve how AI supports SRM operations Gaming adds complexity. Multiple jurisdictional gaming commissions, GLI certification, and real-time financial systems create a uniquely challenging regulatory environment If you thrive at the intersection of security risk management and AI-driven productivity, and you are excited about pushing the boundaries of what AI can do for GRC, we want to hear from you.

• What You'll Do
• Risk Assessment and Management
• Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations

Develop and maintain risk registers, threat models, vulnerability and threat management programs, and risk treatment plans across eight enterprise risk categories Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005, ISO 31000, NIST RMF) Evaluate third-party vendor security risks and assess supply chain vulnerabilities using structured TPRM frameworks Leverage AI tools to accelerate risk identification, analysis, and reporting workflows

• Risk Mitigation and Control Implementation
• Develop and recommend risk mitigation strategies and security controls

Collaborate with technical teams to implement security measures and monitor their effectiveness Track remediation efforts and verify risk reduction activities via GRC platform integrations Create and maintain risk metrics and key risk indicators (KRIs)

• Compliance and Governance
• Ensure alignment with regulatory and industry requirements including state-specific gaming regulations (GLI-19, GLI-33, GLI-GSF), ISO 27001, ISO 42001, PCI DSS v4.0, SOC 2, NIST CSF, and GDPR

Support internal and external audits (Deloitte, Bulletproof, Schellman) by gathering evidence, preparing documentation, and coordinating audit activities Maintain security polic