Under general supervision of the CIO, provides leadership and oversight related to supporting and monitoring the IT security posture of the business, identifying potential risks, and assisting in determining the best balance of risk, cost and benefit to adequately protect critical IT assets.
- Develops and promotes risk-managed, consistent controls and processes to ensure IT risk management, security, privacy, and compliance are priorities.
- Provides gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommends actions to the CIO.
- Establishes, documents & manages processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (e.g. ISO 27001, PCI, SOX, etc.).
- Works with business and IT stakeholders to establish priorities for process improvements that remediate or mitigate risk.
- Executes problem determination and resolution for security gaps.
- Interacts with other IT Staff / Business Leaders to enhance the understanding of security issues and to agree on solutions.
- Helps with IT asset security control coverage and metrics reporting regarding security and compliance data.
- Assists with threat & vulnerability management process and tools.
- Prepares automated and ad hoc reports and/or interprets data from various security sources (e.g. Security & Information Event Management, Intrusion Protection System, Data Loss Prevention, etc.).
- Facilitates and executes responses to regulatory questionnaires & inquiries, Audits, and Remediation Plans.
- Supports security awareness training efforts across the business.
- Monitors and provides support for business unit implementations of security technology initiatives and remediation measures.
- Assesses and consults on data protection methods (e.g. access controls, encryption, vulnerability management, etc.).
- Implements security policies and procedures.
- Monitors server logs, firewall logs, intrusion detection logs, and network traffic for unusual or suspicious activity. Interprets activity and makes recommendations for resolution.
- Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
- Interacts with vendors, outsourcers, and contractors to obtain protection services and products.
- Recommends, schedules, and performs security improvements, upgrades, and/or purchases.
- Maintains professional and technical knowledge by conducting research, attending seminars, educational workshops, classes and conferences; reviewing professional publications; establishing networks; participating in professional societies; conferring with representatives of contracting agencies and related organizations.
- Contributes to a team effort and accomplishes related results as required.
- Performs other duties as required.
- Provides excellent internal and external guest services, treating all guests with courtesy and consideration at all times.
- Cooperates and communicates with all employees, always exhibiting mutual respect and consistently projecting a positive, helpful image and attitude.
- Monitors production and service levels by interacting with guests and staff.
- Ensures company information provided by management is effectively communicated to assigned staff and ensures staff concerns, requests for information, and ideas for improvement are effectively relayed to management.
- Facilitates the flow of information throughout the area of responsibility by presiding over scheduled meetings with staff and team members as required.
- Stays informed of company information and communications by reviewing all e-mails, digital boards and SharePoint.
- Maintains excellent working relationships with other Company staff and all applicable regulatory commissions and other agencies as may be applicable to ensure compliance.
- Performs all duties in accordance with company core values, objectives of the Osage Nation, internal policies and procedures, as well as applicable laws and gaming regulations, including but not limited to, the state-tribal compact, IGRA, MICS, ONGR, the Bank Secrecy Act, Office of Foreign Asset Control, USA Patriot Act and Privacy Act.
- Bachelor’s Degree in Computer Science, MIS, IT or related field.
- Three years security experience in the Casino / Hospitality industry.
- Security certification such as CISSP, Security+ preferred.
- Experience working with enterprise IT security tools and reviewing logs.
- Experience with the technical aspect of network security including TCP/IP, firewall, VPN, encryption technologies, IPS, IDS, SIEM, Routing and Switching.
- Or equivalent combination of education, experience, or training.
- Must be 21 years of age.
- Must be able to pass background check, with no prior convictions of any felonies.
- Must be able to obtain and maintain Osage Nation Gaming License.
- Required to sit for up to 8 hours per day.
- Ability to stand, walk, stoop, kneel or crouch while performing duties.
- Ability to use hands to finger, handle, or feel.
- Ability to use arms to reach and lift above shoulders.
- Must have normal auditory and good verbal communication.
- Ability to distinguish colors, good eyesight and capacity to read very small print.
- Ability to lift, push, or pull upwards of 25 pounds.
- Work is typically performed within an office and Casino setting.
- Exposure to second-hand smoke and a high noise level.
- Supports a 24/7 systems environment.
- Evening and weekend shifts may be required. Extended hours and irregular shifts may be required.