Job Details
Description
SUMMARY:
This position will be a part of the Four Winds Information Security Team. Responsibilities will include gathering information and assessing risks on projects, information systems, and the enterprise as a whole.
ESSENTIAL DUTIES AND RESPONSIBILITIES include the following:
- Assess risk on projects and initiatives.
- Evaluate third party risk.
- Participate in the annual enterprise risk assessment:
- Identify information systems, system owners, data custodians, stakeholders, data flows, and integration points across the enterprise.
- Perform business impact analysis on systems.
- Perform data classification on information systems to determine critical assets, integration points, and information flows.
- Interact with the business owners to determine risk.
- Understand the threat landscape, vulnerability state, and current controls.
- Evaluate and measure the current control set, recommending controls to fill any gaps.
- Create remediation plans for addressing risk and facilitate the efforts.
- Update organizational policies based on the remediation plans and controls.
- Audit control set.
- Evaluate controls for compliance such as PCI-DSS, HIPAA, and Gaming Regulations.
- Interface with other departments including risk management, legal, and audit.
- Map policies up to organizational objectives & risks, and down to measurable controls.
- Remain involved in the industry and up to date on trends, new technologies, and new threats.
The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required of personnel so classified.
Promotes the following within the department and among all employees:
- Creates an atmosphere of fun for all casino guests.
- Encourages mutual respect, dignity and integrity with all employees by setting positive examples at all times.
Qualification Requirements
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
EDUCATION and/or EXPERIENCE
1-3 years of experience in Information Security, Network Engineering, Incident Handling, and/or Security Operations. Risk assessment experience a plus.
Bachelor’s Degree in Computer Science, Information Systems, or related discipline, or an equivalent combination of education and experience.
Certifications a plus but not required, such as:
- GIAC Security Essentials (GSEC)
- GIAC Critical Controls Certification (GCCC)
- ISACA Certified Information Security Auditor (CISA)
Special Qualifications
Familiarity with NIST 800-53, CIS Critical Security Controls, COBIT, and/or OCTAVE a plus.
Familiarity with Payment Card Industry Data Security Standards, Health Insurance and Accountability Act, and other compliance regulations a plus.
The ability to relate complex technical topics in terms of the business impact to varying audiences.
Public speaking and presentation skills.
Local travel between sites required.
This position requires a Level 2 Gaming License.
Language Skills
Ability to read, analyze, and interpret the most complex of documents, such as technical journals, financial reports and legal documents. Ability to respond to common inquiries or complaints from guests, regulatory agencies, or members of the business community. Ability to effectively present information in one-on-one and small group situations.
Mathematical Skills
Ability to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions, and decimals, and work with mathematical concepts such as probability and statistical inference.
Reasoning Ability
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret an extensive variety of technical instructions in mathematical or diagram form and deal with several abstract and concrete variables. Ability to leverage technical expertise to fully understand and meet the finance department’s technical and reporting needs and requirements. Ability to develop and maintain a strong relationship with casino technical staff. Ability to communicate technical information to non-technical personnel. Ability to specify and develop queries/reports using a range of software. Ability to think logically and follow detailed instructions.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
While performing the duties of this job, the employee is regularly required to talk or hear. The employee is also regularly required to stand, walk, sit and use hands to finger, handle or feel objects, tools or controls. The employee is occasionally required to reach with hands and arms, and to sit, climb or balance; and stoop, kneel, crouch or crawl.
The employee is frequently required to lift and/or move up to twenty-five pounds, occasionally lift and/or move up to fifty pounds, and infrequently lift and/or move up to one hundred pounds.
Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust focus.
Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
The employee is frequently required to risk danger of electrical shock and/or radiation (from computers).
The noise level in the work environment is usually moderate. When on the casino floor, the noise level increases to loud. A casino environment is typically smoky.