Cybersecurity Risk Analyst

What we’re building 

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team passionate about learning, operating, and creating innovative products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we always act authentically.  

Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, Hard Rock Digital taps into a brand known worldwide as a leader in gaming, entertainment, and hospitality. We’re bringing that legacy into the digital space - ready to join us? 

About the Role

We are seeking an experienced Cybersecurity Risk Analyst to join the Security Risk Management (SRM) team at a leading US online gaming platform. Reporting to the Director of SRM, this role is critical in protecting our cloud-based gaming infrastructure, customer data, and financial systems while ensuring compliance with gaming regulations and industry standards.

This role goes beyond traditional GRC. Our SRM team operates an AI-augmented Integrated Management System (IMS) built on ISO 27001 PDCA principles, where agentic AI tooling and its ecosystem of security skills are core to daily workflow. The ideal candidate brings strong risk management fundamentals and the ability to leverage AI tools to accelerate risk assessment, compliance evidence gathering, policy development, and executive reporting. We need someone who can hit the ground running with our AI-driven approach and actively identify new ways to apply AI across all SRM use cases.

This role is crucial for proactively managing technology risks and maintaining a strong security posture in an evolving threat landscape. The ideal candidate combines strong technical knowledge with business acumen and AI fluency to effectively communicate and manage risks across all organizational levels.

What Sets This Role Apart

This is not a traditional GRC analyst position. You will work in an environment where:

• AI is core tooling. AI agents and our ecosystem of 50+ security-specific skills are how we draft policies, gather audit evidence, validate compliance, assess vendors, and produce executive reports

• Live data powers AI workflows. MCP servers connect our AI agents directly to GRC, security monitoring and defence, communications, and threat intelligence tools, enabling real-time compliance queries and automated evidence collection rather than manual data gathering

• Our documentation lives in code. Our Integrated Management System is a git repository structured around ISO 27001 PDCA, not a collection of Word documents in SharePoint

• You will shape how AI is used. Beyond using AI tools, you will help define AI governance for the organization and continuously improve how AI supports SRM operations

• Gaming adds complexity. Multiple jurisdictional gaming commissions, GLI certification, and real-time financial systems create a uniquely challenging regulatory environment

• If you thrive at the intersection of security risk management and AI-driven productivity, and you are excited about pushing the boundaries of what AI can do for GRC, we want to hear from you.

What You'll Do

Risk Assessment and Management

• Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations

• Develop and maintain risk registers, threat models, vulnerability and threat management programs, and risk treatment plans across eight enterprise risk categories

• Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005, ISO 31000, NIST RMF)

• Evaluate third-party vendor security risks and assess supply chain vulnerabilities using structured TPRM frameworks

• Leverage AI tools to accelerate risk identification, analysis, and reporting workflows

Risk Mitigation and Control Implementation

• Develop and recommend risk mitigation strategies and security controls

• Collaborate with technical teams to implement security measures and monitor their effectiveness

• Track remediation efforts and verify risk reduction activities via GRC platform integrations

• Create and maintain risk metrics and key risk indicators (KRIs)

Compliance and Governance

• Ensure alignment with regulatory and industry requirements including state-specific gaming regulations (GLI-19, GLI-33, GLI-GSF), ISO 27001, ISO 42001, PCI DSS v4.0, SOC 2, NIST CSF, and GDPR

• Support internal and external audits (Deloitte, Bulletproof, Schellman) by gathering evidence, preparing documentation, and coordinating audit activities

• Maintain security policies, procedures, and risk management frameworks within the IMS

• Contribute to AI governance activities including AI service registry maintenance, Shadow AI detection, and ISO 42001 compliance

• Assist in developing and updating the organization's cybersecurity and AI governance strategy

AI-Augmented Risk Operations

• Use agentic AI tools with associated skills and agents as core productivity multipliers for risk analysis, policy drafting, compliance validation, and reporting

• Operate within a git-based Integrated Management System, using AI skills for tasks such as ISO evidence gathering, threat modelling, third-party risk assessment, and executive communication

• Work with Model Context Protocol (MCP) servers to connect AI agents to live data sources (GRC platforms, identity providers, collaboration tools, threat intelligence feeds) enabling real-time, context-aware risk analysis and automated evidence collection

• Identify opportunities to extend agentic automation by integrating new MCP servers and APIs into existing AI workflows, reducing manual effort across compliance, audit, and risk operations

• Identify and develop new AI-driven approaches to SRM challenges, continuously exploring how AI can improve risk assessment accuracy, audit preparation efficiency, and compliance coverage

• Contribute to prompt engineering, skill development, and workflow optimization for AI tools used by the SRM function

• Maintain awareness of AI security risks and participate in AI risk assessments for new tools and services

Reporting and Communication

• Prepare risk reports and dashboards for management, audit committees, and gaming regulators

• Present risk findings and recommendations to technical and non-technical audiences

• Document risk assessment methodologies and maintain assessment artifacts

• Provide risk-based guidance for security strategy decisions

• Use AI tools to generate structured executive reports and translate technical findings into business language

Incident Response and Business Continuity

• Participate in security incidents for risk impact assessment and lessons learned

• Participate in site reliability incident response activities, in particular post-incident reviews

• Support business continuity and disaster recovery planning

• Conduct tabletop exercises and risk scenario planning