Senior Cyber Controls Engineer

About Betfair Romania Development

Betfair Romania Development is the largest technology hub of Flutter Entertainment, with over 2,000 people powering the world’s leading sports betting and iGaming brands. Exciting, immersive and safe experiences are delivered to over 18 million customers worldwide, from our office in Cluj-Napoca. Driven by relentless innovation and commitment to excellence, we operate our own unbeatable portfolio of diverse proprietary brands such as FanDuel, PokerStars, SportsBet, Betfair, Paddy Power, or Sky Betting & Gaming.

Our Values

The values we share at Betfair Romania Development define what makes us unique as a team. They empower us by giving meaning to our contributions, and they ensure that we consistently strive for excellence in everything we do. We are looking for passionate individuals who align with our values and are committed to making a difference.

• Win together
• Raise the bar
• Got your back
• Own it
• Positive impact

About Flutter UKI

Flutter & Ireland are the UKI region of Flutter Entertainment. They unite a dozen brands including powerhouses Paddy Power, Betfair, Tombola and Sky Betting & Gaming, bringing together hundreds of teams and thousands of colleagues, who create trusted entertainment for millions of customers every week.

Role Overview

The Senior Cyber Controls Engineer will design, build, and manage the integrations that power Flutter UK&I's Cyber Controls Monitoring platform (Anecdotes), owning the full integration lifecycle from architecture through delivery. Working closely in the CCM team, the role sits at the intersection of technical engineering and control testing & monitoring, ensuring cybersecurity controls are continuously tested, evidenced, and aligned to regulatory frameworks. The engineer will be a founding technical contributor to a programme central to Flutter UK&I's cybersecurity strategy, directly shaping the region’s ability to detect control failures, support remediation, and demonstrate control health to key stakeholders.

Key Accountabilities & Responsibilities

Platform Engineering & Integration

• Design, build, and maintain all integrations between the Anecdotes platform and key systems, selecting the appropriate method — out-of-box, or custom — based on data requirements and system complexity.
• Ensure seamless connectivity between Anecdotes and critical data sources, always maintaining reliable and secure data flows.
• Integrate the platform with tools such as Jira or Slack to enable automated alerting, exception ticketing, and gaps notifications.
• Manage platform updates and new feature releases, assessing impact on existing integrations and incorporating changes in a controlled and documented manner.

Automated Control Monitoring

• Develop and implement automated data extraction and testing logic that enables continuous monitoring of cybersecurity controls across Flutter UK&I’s technology estate.
• Build automated detection of downward trends that indicate core control failures, reducing reliance on manual and point-in-time testing.
• Continuously identify opportunities to expand automation coverage across cybersecurity and the wider technology infrastructure.

Data Pipeline & Quality

• Build and maintain scalable data pipelines that extract, normalise, and deliver high-quality control evidence from multiple source systems into Anecdotes.
• Define data extraction logic per control test in collaboration with the CCM team, ensuring outputs meet the desired quality.
• Proactively monitor pipeline health, resolving integrity issues or connectivity failures before they impact monitoring outputs or reporting.
• Apply data handling best practices across all pipelines, respecting sensitivity classifications and access controls throughout.

Security & Architecture Standards

• Ensure all integrations are built in accordance with security best practices including least privilege, secure authentication, and encrypted data transmission.
• Collaborate with IT and Information Security teams on firewall rules, network access, and service account provisioning to support platform connectivity.
• Conduct regular technical reviews of the integration architecture, identifying risks and scalability constraints and proposing solutions proactively.

Stakeholder Collaboration & Enablement

• Support during intake triage by providing technical feasibility assessments and effort estimates for incoming requests.
• Work with second-line assurance, risk, and GRC teams to understand their data requirements, ensuring integrations are configured to meet their evidence and reporting needs.
• Provide input to the Head of Controls Performance & Governance on platform evolution, scaling decisions, and emerging tooling capabilities.

Reporting & Documentation

• Maintain comprehensive technical documentation for all integration architectures, connector configurations, data schemas, and platform settings.
• Support the design and build of the integration between Anecdotes and internal BI tooling, enabling automated data flows from control test outputs into BI dashboards that provide visibility of control maturity to internal stakeholders.
• Ensure the platform produces accurate, timely control evidence aligned to relevant frameworks and regulations (e.g., SOX, NIST CSF, ISO 27001, and PCI-DSS) to support compliance reporting.
• Maintain a technical risk register for the CCM platform, documenting integration risks and data quality issues with proposed mitigations.

Essential Skills, Capabilities & Experience Required:

• Proven experience integrating tooling via APIs, out-of-box connectors, and custom-built integrations.
• Experience with CI/CD tooling such as Jenkins, GitHub Actions, or equivalent, with the ability to build and maintain automated pipelines for deploying and managing integration configurations and platform updates.
• Proficiency in scripting languages (e.g., Python, PowerShell) for building and maintaining automated processes and tasks.
• Solid understanding of NIST CSF, with working knowledge of SOX, ISO 27001 and PCI-DSS.
• Self-motivated, delivery-focused, and comfortable working both independently and collaboratively in fast-moving environments.

Desirable Skills:

• Familiarity with GRC or CCM platforms.
• Hands-on experience with enterprise technologies such as Okta, CrowdStrike, Active Directory, or Jira.
• Experience with AWS security services including Lambda, Security Hub, Config, and CloudFormation.
• Exposure to cyber controls assurance through advisory, internal, or external audit functions.

Benefits

• Hybrid & remote working options
• €1,000 per year for self-development
• Company share scheme
• 25 days of annual leave per year
• 20 days per year to work abroad
• 5 personal days/year
• Flexible benefits: travel, sports, hobbies
• Extended health, dental and travel insurances
• Customized well-being programmes
• Career growth sessions
• Thousands of online courses through Udemy
• A variety of engaging office events

Disclaimer

We are an inclusive employer. By embracing diverse experiences and perspectives, we create a lasting, positive impact for our employees, customers, and the communities we’re part of. You don't have to meet all the requirements listed to apply for this role. If you need any adjustments to make this role work for you, let us know, and we’ll see how we can accommodate them.

We thank all applicants for their interest; however, only the candidates who best meet the job requirements will be contacted for an interview. By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than three years, to consider you for prospective roles within the company.

Key skills/competency

• Cybersecurity Controls
• Integration Engineering
• API Integrations
• Python Scripting
• CI/CD Pipelines
• NIST CSF
• SOX Compliance
• ISO 27001
• PCI-DSS
• Data Pipelines