DIRECTOR, IT SECURITY & COMPLIANCE

Graton Resort & Casino, Rohnert Park, CA

About The Position

The Director, Information Security & Compliance establishes and leads the enterprise information security vision, strategy, and program to ensure the confidentiality, integrity, and availability of all digital assets across Graton Resort & Casino, FIGR Tribal government, and Tribal Gaming Commission, while maintaining a seamless guest experience in a highly regulated environment. The role ensures compliance with gaming regulations, privacy laws, and industry standards across casino systems, payment platforms, and guest-facing technologies. This position also safeguards Tribal assets and sovereignty, partnering closely with Tribal leadership, Gaming Commissions, and federal agencies to drive secure innovation and uphold trust.

Requirements

  • Ability to communicate effectively with Guests, Team Members and Management in both written and verbal form.
  • Bachelor's degree in Cybersecurity, Information Security/Systems, Information Technology, Accounting, Computer Science, or related field.
  • 10+ years of progressive cybersecurity/security leadership experience in regulated environments.
  • Demonstrated experience managing regulatory compliance within gaming jurisdictions and Tribal Gaming Commission requirements.
  • Expertise in casino management and slot systems, payment processing (PCI), digital wallets, and hospitality PMS/POS systems.
  • Strong knowledge of cloud and hybrid environments and associated security models.
  • Exceptional communication skills to interact with executives, Tribal leaders, regulators, and cross-functional teams.
  • Prior internal audit experience, including IT general controls, SDLC/program management, and governance/security audits.
  • Familiarity with FIGR Regulations, Tribal-State Compacts, NIGC and GLI technical standards, and risk/control concepts across IT domains.
  • Ability to manage complex operations with strong judgment, initiative, organizational skills, and problem-solving rigor.
  • Proficiency with Microsoft Office Suite and Microsoft 365 tools for secure file and communication management.

Nice To Haves

  • Experience in gaming/hospitality and Tribal governance.
  • Master's degree in Cybersecurity, Information Security/Systems, Information Technology, Accounting, Computer Science, or related field.
  • Professional certifications such as CISSP, CISM, CRISC, CISA, or CGCS (Certified Gaming Compliance Specialist).

Responsibilities

  • Responsible for redefining hospitality at Graton Resort & Casino while living, supporting, and promoting our values.
  • Perform responsibilities in accordance with all Graton Resort & Casino standards, policies, and procedures.
  • Develop and execute a comprehensive cybersecurity strategy aligned with business goals, regulatory requirements, and guest experience priorities across the Graton Enterprise (this includes Graton Resort & Casino, FIGR Tribal government, and Tribal Gaming Commission).
  • Establish security policies and risk management frameworks consistent with Tribal Gaming Commission (TGC) regulations, NIGC guidelines, and industry standards (e.g., NIST).
  • Serve as the primary security liaison for executive leadership, Tribal Council, audit committees, and regulatory bodies.
  • Ensure cybersecurity compliance with gaming regulators, PCI, SOX, privacy laws, and internal policies.
  • Oversee secure management of systems and data including gaming systems, digital wallets, loyalty tools, and financial transaction platforms by developing and reviewing policies, SOPs, and internal auditing.
  • Build and lead a 24/7 security operations function with robust monitoring, threat detection, and rapid incident response capabilities.
  • Establish and test incident response playbooks integrated with business continuity and disaster recovery, including Tribal emergency coordination.
  • Safeguard sensitive personal data, payment systems, and identity management across hotel, casino, and online touchpoints; manage vendor risk and third-party/cloud security practices.
  • Champion a proactive cybersecurity culture through training, awareness, and certification programs; partner with cross-functional teams to enable secure digital innovation.
  • Stay current with gaming laws/regulations, auditing techniques, and IT trends; continuously review processes to align with best practices; perform other duties as assigned.
  • This job description is not an exclusive or exhaustive list of all job functions that a team member in this position may be asked to perform from time to time. Duties and responsibilities may be changed, expanded, reduced, or delegated by Management to meet the business needs of the property.