
51 - 200 employees
Founded 2011
🎮 Gaming
👥 B2C
Gaming • B2C
Patrianna is an international iGaming product and technology company headquartered in Gibraltar that builds engaging web and app-based gaming products for millions of players worldwide. The remote-first team focuses on strategy, product development, product management, and technology innovation to deliver tailored iGaming experiences and scalable software solutions. Patrianna also actively recruits across product, design, technology, marketing, and operations and expresses public support for Ukraine.
🔥 0 minutes ago
Improve your chances of getting an interview by checking your resume score before you apply.

51 - 200 employees
Founded 2011
🎮 Gaming
👥 B2C
Gaming • B2C
Patrianna is an international iGaming product and technology company headquartered in Gibraltar that builds engaging web and app-based gaming products for millions of players worldwide. The remote-first team focuses on strategy, product development, product management, and technology innovation to deliver tailored iGaming experiences and scalable software solutions. Patrianna also actively recruits across product, design, technology, marketing, and operations and expresses public support for Ukraine.
• Own the vendor and third-party risk lifecycle for a fast-scaling tech company, while supporting the wider GRC programme across ISMS, privacy, and compliance. • Third-Party Risk (Champion) — Own the full vendor risk lifecycle: due diligence, security questionnaires, risk rating, contractual safeguards (DPAs, security schedules), and ongoing monitoring. Maintain the supplier register and drive reassessment cadence based on criticality. • Supplier Assurance — Track fourth-party dependencies and concentration risk across critical suppliers, aligning oversight with DORA ICT third-party requirements and ISO 27001 supplier controls. • ISMS & Audit Readiness — Support policy maintenance, control mapping, and evidence collection to keep the Statement of Applicability (SoA) current and audit-ready across the entities and clients you cover. • Risk Management & RCSA — Execute risk assessments using an ISO 31000-aligned methodology and contribute to Risk & Control Self-Assessment workshops and remediation tracking. • Privacy Operations — Support RoPA maintenance, DPIAs, and data subject requests — with a focus on processor and controller arrangements with vendors and group entities. • Governance Reporting — Prepare third-party risk materials for governance committees and keep registers accurate, visible, and current.
• Solid GRC grounding — A proven track record in GRC, IT audit, vendor risk, or information security, with hands-on third-party/supplier risk responsibility. • Third-party risk proficiency — Practical experience running vendor due diligence, security questionnaires (SIG, CAIQ, or equivalent), and contractual risk review. • Framework knowledge — Working knowledge of ISO/IEC 27001:2022 supplier controls, ISO 31000, and GDPR processor obligations; familiarity with DORA third-party requirements is a plus. • Independent thinker — You go beyond the checklist — you understand the *why* behind a control, spot gaps, and propose improvements without being prompted. • Pragmatic compliance mindset — You see GRC as a business enabler, not a blocker, and know how to balance rigor with momentum. • Clear communicator — Precise, confident writing across questionnaires, risk memos, and supplier-facing responses that need minimal oversight.
• Health insurance • Vacation days • Remote work options
Apply Now