Director of Information Security and Compliance (Onsite) (33669)

About The Position

Requirements

• Bachelor’s degree in computer science or related field, an equivalent combination of education and experience will be considered.
• Eight years of IT security and compliance experience with at least 5 years in a leadership role
• Strong financial acumen
• Direct management of cross-functional teams, including managing third party service providers
• Must be familiar with Microsoft products
• Must possess excellent written and verbal communication skills. Must be able to communicate in English.

Nice To Haves

• Leadership experience in a casino/hotel resort environment strongly preferred
• CISSP certification strongly preferred

Responsibilities

• Oversees the creation, execution and maintenance of information security and compliance related operations, plans, standards, policies and procedures throughout the organization.
• Primary responsibility for determining the vision and strategy for all information security and compliance related services.
• Overall responsibility for ensuring all technology platforms and systems are protected against threats and vulnerabilities while maintaining their overall integrity and security.
• Oversees all vulnerability detection and remediation efforts.
• Certifies all systems operate in accordance with all applicable Tribal regulatory controls, federal standards (PCI, GDPR, CPPA, etc.) and that potential weaknesses cannot be exploited for fraud, misuse, or theft.
• Develops and maintains an information privacy and security-conscious culture throughout the organization.
• Drives a company-wide technology related security architecture and engineering strategy.
• Manages the development of education and training programs on information security and privacy matters for team members and other authorized users.
• Develops, implements and maintains risk assessment, incident reporting and response systems, to address security breaches, policy violations and grievances from external parties.
• Manages investigations of situations in which security may have been compromised and notifies the Chief Information Officer and other senior management of any unusual transactions impacting system security.
• Serves as the official contact for information security and data privacy issues, including reporting to regulatory authorities and law enforcement.
• Works closely with other IT leadership team members on ensuring system enhancements do not compromise compliance requirements or security standards.
• Develops and maintains collaborative, strategic partnerships with all relevant internal departments as well as external vendors, regarding IT security and compliance related information technology solutions.
• Keeps abreast of the latest IT security and privacy legislation, regulations, advisories, alerts and vulnerabilities and develops implementation strategies to ensure the company’s security program and software remain current and secure.
• Maintains appropriate information security and compliance related staffing levels by interviewing, selecting, training, scheduling, evaluating, promoting, disciplining and terminating team members, as needed.
• Ensures work performance standards, and team member development programs maximize the individual growth and development of staff.
• Provides outstanding customer service in a timely manner to both guests and fellow team members.
• Performs other duties as assigned.