<p>Job Description</p> <p>We're seeking a strategic and detail-oriented leader to take on the pivotal role of Head of Access Governance. This high-impact position sits at the heart of our IT Service Management function, ensuring the confidentiality, integrity, and availability of our customer-facing and internal platforms.</p> <p>You'll be responsible for designing and enforcing robust access policies and procedures across the Rank Group, aligning with Information Security standards and regulatory obligations. Your work will directly support our multi-channel business success by safeguarding critical systems and data.</p> <p>Key Responsibilities:</p> <ul> <li>Lead and evolve user access governance across Corporate, Venues, and Interactive services, ensuring alignment with the principle of least privilege and the business's risk appetite. </li><li>Ensure compliance with audit requirements, including Financial Reporting, Gambling Commission, and PCI-DSS, by maintaining demonstrable access controls and documentation. </li><li>Drive cost efficiency by managing ITSM-owned systems (e.g., Atlassian stack, Slack), ensuring unused licences are promptly removed. </li><li>Assess and mitigate access risks, developing tactical plans to address vulnerabilities that exceed acceptable thresholds or regulatory standards. </li><li>Manage and develop the newly formed 3-person User Access Management team, ensuring timely and compliant access revocation (e.g., leaver access removed within 24 working hours). </li><li>Oversee the Service Governance team, responsible for managing access to 50+ services within Rank Interactive. </li><li>Mentor and train teams on access management principles, including the Principle of Least Privilege and regulatory best practices. </li><li>Collaborate with technology teams to implement automation in starter, mover, and leaver processes, reducing manual workload and improving accuracy. </li><li>Work with business stakeholders to assess system usage (e.g., COGs/CAT, Dynamics) and implement Role-Based Access Control (RBAC) where appropriate. </li><li>Maintain a comprehensive catalogue of production systems, associated roles, and conduct periodic internal audits of user access. </li></ul>