The Mill Adventure

Senior GRC Specialist

Location: Remote, MT
Work format: Remote
Employment type: Full-time
Published: 07 April 2026
Last checked: 06 May 2026

The Mill Adventure is a scale-up with the ultimate mission of building awesome products that will change the way the iGaming industry operates. We started our journey in 2019, with the vision of building a technology-driven organisation and creating a team consisting of the best of the best specialists in their respective fields.

Today, we provide a complete gaming platform, including licences and operations, for rapid deployment and success in iGaming. Our team of 130+ technology and iGaming experts is guided by passion for invention, operational excellence and commitment to improve the inefficient.

We trust and value our team and we strive to accommodate the right working conditions for each individual, in remote, office-based or mixed models. We see the strength in being different and embrace the cultural diversity existing in our group.

As our business continues to grow, we are looking for a highly autonomous and experienced Senior / Lead GRC Specialist. In this role, you will not just maintain our GRC function—you will own it. Working closely with our CISO and security engineering team, you will be responsible for defining the road ahead: identifying our gaps, selecting the right frameworks, and taking full responsibility for our governance, risk, and compliance posture. We need a mature professional who knows how to listen to engineering teams, build pragmatic policies, and drive security without being a roadblock.

What You Will Do:

  • Establish the GRC Roadmap: Assess our current environment, identify gaps, and design a clear, actionable GRC roadmap aligned with our business goals. You tell us what we are missing and how to fix it.
  • Act as a Business Enabler: Eradicate the "security as a blocker" mentality. Partner actively with product and engineering teams during the design phases to find secure paths to "yes," ensuring our governance supports business velocity rather than slowing it down.
  • Lead Framework Implementation: Take full responsibility for managing and maturing our ISO 27001:2022 certification. Drive compliance initiatives for PCI DSS and prepare our posture for NIS2 requirements.
  • Drive Risk Management: Autonomously select and implement the most appropriate risk management frameworks. Own the risk register, lead risk assessments, and translate complex technical risks into clear business impacts and mitigation strategies.
  • Design Business-Aligned Governance: Design, write, and enforce information security policies and standards. Actively solicit feedback from engineering and business teams to ensure policies are practical and business-enabling.
  • Champion Security Culture: Own and evolve our security awareness program. Move us beyond boring, "check-the-box" compliance videos by creating engaging, context-aware training that actually resonates with engineers, product teams, and business operations.
  • Lead Audits & Compliance: Take the helm on all internal and external security-focused audits, assessments, and reviews. Act as the definitive subject matter expert for regulatory inquiries.
