Under the direction of the Cyber Security Manager, the Information Security Risk Analyst role is to strategically perform risk management and compliance activities across the San Manuel Band of Mission Indians (SMBMI) organization. The Information Security Risk Analyst must have an extensive working knowledge of the current state of all our IT systems and must work closely with both Information Technology and various Business teams to ensure proper security controls are in place for all current and future IT systems.
The Information Security Risk Analyst will champion a security mindset to all SMBMI personnel and must also understand the value of standards, policy and procedures, operational effectiveness and high availability. This individual will provide consultation on various compliance frameworks such as PCI-DSS and HIPAA. The Information Security Risk Analyst will evaluate and develop system security plans, policies, and standards to ensure compliance with regulatory frameworks and industry best practices.
Essential Duties & Responsibilities
Perform the following duties with a focus on governance and compliance:
- Design and implement long-term strategic goals and short-term tactical plans for managing and maintaining corporate systems, data and network.
- Assist in auditing computer systems to ensure they are operating securely and that data is protected from both internal and external attacks. Perform security scans using vendor utility tools.
- Develop information security standards and policies to address both compliance requirements and information security best practices.
- Ensure that proposed and existing systems architectures are aligned with required security goals and objectives.
- Provide security expertise, technical leadership, and assistance to Business Analysts, Network Technicians, Systems Architects, and software development teams.
- Maintain a solid understanding of Tribal Gaming requirements, industry gaming requirements and MICS concerning security issues.
- Document the company’s existing security systems portfolio; make recommendations for improvements and/or alternatives.
- Develop, document, and communicate plans for investing in tribal system security, including analysis of cost reduction opportunities.
- Conduct research on emerging security technologies in support of systems development efforts, and recommend technologies that will increase cost effectiveness and systems flexibility in a holistically secure environment.
- Develop and promote cyber security awareness products.
- Lead investigations of security violations and breaches and recommend solutions; prepare reports on intrusions as necessary and provide analysis summary to management.
- Support the integration with the Tribe’s Managed Security Services Provider (MSSP) services, and distributed cyber security toolsets. This may include leveraging existing technologies within the organization, programming, scripting, or other software and system integration work.
- Provide cradle-to-grave lifecycle management of cyber security toolsets consumed by peer functions within the Information Security program. This includes designing, planning, acquisition, inventory, process documentation, deployment, administration, maintenance, configuration change management, monitoring, troubleshooting, capacity estimation, status and service metrics reporting, decommission and other service assurance activities.
- Provide incident response support as toolset-specific Subject Matter Expert for security events including but not limited to intrusion detection, malware infections, denial of service attacks, privileged account misuse and network breaches.
- Collaborate with IT and Business Unit management.
- Perform other duties as assigned.
- Bachelor’s Degree in Information Technology preferred; 10 years related experience and/or equivalent combination of education and experience.
- Three or more years of experience in policy development, IT audits, information systems management, or data security.
- Data Security or Audit Certifications such as CISSP, CRISC, GIAC, CHFI, CISA and CISM desired.
- Experience with SIEM technologies, log harvesting/routing/management tools, security analytics platforms, network recording and forensic offerings. Additional cyber security toolsets, including fraud monitoring, data leakage prevention, and privileged access monitoring, a plus.
- Experience with PCI-DSS, HIPAA, Bank Secrecy Act and other regulatory frameworks is desirable.
- Knowledge of the San Manuel Casino Policies and Procedures, or a similar tribal/gaming environment, is highly desired.
- Experience working with information security practices, networks, software, and hardware.
- Experience developing and revising information security policies, standards and guidelines.
- Strong communications and presentation skills.
- At the discretion of the San Manuel Tribal Gaming Commission you may be required to obtain and maintain a gaming license.
- A qualified candidate/employee must have a valid driver’s license with an acceptable driving record as determined by the company’s insurance carrier.
San Manuel Band of Mission Indians and San Manuel Casino will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.