Associate Lead, Regulatory Security Analyst

About The Position

Requirements

• 6+ years of experience in cybersecurity governance, regulatory compliance, risk management, or related security oversight roles
• Experience supporting structured regulatory frameworks or government oversight programs
• Strong understanding of identity governance, role-based access controls, least privilege principles, and vendor risk oversight
• Experience managing regulatory reporting timelines and structured compliance documentation
• Experience managing annex-style documentation frameworks or formal regulatory filings
• Demonstrated ability to coordinate audits, assessments, and regulator-facing engagements
• Experience leveraging or building AI-enabled tools to enhance GRC processes, including developing AI assistants or automation workflows to improve regulatory monitoring, documentation, and control oversight.
• Strong written communication skills with the ability to draft clear, defensible regulatory communications
• Experience working cross-functionally with Legal, HR, Engineering, and Executive stakeholders
• Strong program management and organizational skills with attention to detail
• Ability to operate independently in a high-accountability environment
• Familiarity with NIST or ISO aligned cybersecurity control framework

Nice To Haves

• Advanced degree or relevant certifications (CISSP, CISM, CRISC, etc.)

Responsibilities

• Overseeing the continuous execution and monitoring of Scopely’s regulatory and security compliance obligations within our rapidly expanding, global gaming environment.
• Focuses on regulatory program oversight, structured monitoring, and governance execution to ensure Scopely consistently meets its formal compliance commitments.
• Achieved through structured oversight, continuous monitoring, and disciplined governance across teams, systems, and vendors.
• Requires close partnership with the Security Officer, Legal, HR, IT, Product, and Data teams to maintain continuous compliance with all regulatory and national security commitments.
• Lead oversight of compliance with U.S. foreign investment and privacy regulations, advising internal teams and ensuring regulatory requirements are implemented consistently and effectively.
• Monitor adherence to the National Security Agreement Cybersecurity Plan, privacy and related regulatory requirements, ensuring controls operate as designed and deviations are promptly addressed.
• Oversee regulator-facing communications and required notifications, including non-objection submissions, storage and vendor updates, incident reporting within defined timelines, and annual compliance reporting.
• Maintain and manage security compliance documentation, ensuring updates are accurate, timely, and regulator-ready.
• Track and monitor role-based access controls for sensitive data, including onboarding/offboarding processes, privilege drift reviews, and third-party access.
• Oversee security compliance training for relevant personnel.
• Coordinate and support third-party assessments, regulatory reviews, and audit activities.
• Maintain structured documentation and evidence repositories to ensure audit readiness at all times.
• Identify gaps or process improvements and drive enhancements to strengthen governance and monitoring mechanisms.
• Partner with IT and Engineering to ensure monitoring, logging, and segregation controls align with regulatory expectations.

Benefits

• equity
• bonuses
• comprehensive benefits package
• healthcare benefits
• retirement benefits
• pet insurance
• paid holidays
• paid Scopely free days
• unlimited paid time off