IT Security Compliance Analyst na Potawatomi Bingo Casino

Pay based on experience | First shift

In this fast-paced, high energy environment where information system operation is essential, how do we ensure our Information Technology (IT) systems are kept up and running smoothly? This role will monitor, manage, and close existing compliance issues while analyzing internal systems for compliance with cybersecurity standards. Toward this end, they will work with IT support staff who perform vulnerability assessments and develop mitigation strategies to ensure compliance with current procedures and policies across the organization. The Information Technology (IT) Security Analyst will contribute to our continued success by demonstrating unsurpassed guest service, a high level of integrity and ethical standards, and personal and professional dedication to our Mission, Vision, and Values.   

Principal Duties and Responsibilities (*Essential Functions)

1. *Analyze technical controls to ensure that cybersecurity and compliance requirements are met.
2. Verify documented processes, procedures, and standards to validate maintenance of secure configurations.
3. Track enterprise compliance across multiple security frameworks and maintain records of requirements and mitigating controls.
4. *Oversee the development, documentation, and maintenance of cybersecurity controls and control frameworks.
5. Assist in performing internal risk assessments.
6. *Assist in the development of cybersecurity and privacy awareness training.
7. *Perform Information Security Training.
8. Develop Information Security training materials.
9. Assist in creating and maintaining exception management processes.
10. Perform vendor risk assessments.
11. Collaborate on IT projects to ensure that risk issues and cybersecurity policies are addressed throughout the project life cycle.
12. Protect our brand by securing critical information and technology assets, working with Casino Compliance to ensure compliance with corporate and regulatory policies/standards and industry best practices, while simplifying, enhancing, and enabling business initiatives.
13. Execute Information Security related projects and initiatives to better protect our guests’ and team members’ information.  Execute and communicate project tasks, timelines, and status information.
14. Identify cybersecurity deficiencies. Investigate and collaborate with business partners and IT on appropriate corrective action and report on findings.
15. *Continue education by attending seminars/webinars, keeping current with all aspects of information security and applicable regulatory and contractual technical security requirements.
16. *Perform job duties in full compliance with departmental Internal Controls, policies, procedures, and regulations
17. Perform other duties as assigned. 

Job Qualifications

1. A high school diploma and 3 to 5 years of progressively responsible, related information technology security experience are required. An Associate’s Degree in IT can take the place of 1 year experience,  a Bachelor’s degree in Information Technology, Computer Science, or a related field can take the place of 2 years of experience.
2. Must have familiarity of and experience with security topics and practices such as penetration testing, IT Security audits, information security metrics, identity and access management, regulations and compliance (such as PCI and HIPAA), incident response, and vulnerability management.
3. 3 or more years of experience conducting security control assessments or audits or equivalent preferred. .
4. 1or more years of experience developing or managing a security awareness program or equivalent preferred.
5. Knowledge of information security standards and information privacy laws.
6. Knowledge of core cybersecurity controls and systems such as risk analysis quantification and points of escalation.
7. Knowledge of IT cybersecurity regulations and standards, such as ISO and SOC2 Type 1 and Type 2.
8. Familiar with NIST 800-53, NIST Framework, CIS Standards or equivalent.
9. Familiar with cloud technologies and IaaS, PaaS, and SaaS platforms.
10. Demonstrated ability to implement new policies and programs.
11. Strong written and verbal communication skills.
12. Strong analytical and critical thinking skills.
13. Professional certification, such as CISA, CISM, CRISC, CISSP, or ISAAP preferred.
14. Office skills must include the ability to use standard office equipment, security technologies, and advance knowledge of Microsoft Office.
15. The ability to use strong organization skills and diligence to accurately handle multiple job duties and projects in a fast-paced environment.
16. The ability to maintain discretion in handling confidential information.
17. The ability to maintain composure and collaborate with others during periods of high pressure or adverse circumstances.
18. The ability to interact with guests and team members at all levels of the organization professionally, including the ability to speak in front of small groups.
19. The ability to occasionally work irregular hours and extended shifts include late nights, early mornings, weekends, and holidays.
20. While performing the duties of this job, the team member is required to talk, hear, and move freely throughout the office and property for duration of scheduled shift. The team member must be able to operate a personal computer.  Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.    

Working Conditions

The noise level is usually quiet. When on the casino floor, the noise level increases. The facility is not smoke free.

Disclaimer

The above statements are intended to describe the general nature and level of work being performed by people assigned to this job. They are not intended to be an exhaustive list of all qualifications, responsibilities, duties, and skills required.