Engineer – InfoSec GRC (Governance, Risk, and Compliance)

Wynn Resorts•Las Vegas, NV

About The Position

The Engineer – InfoSec GRC (Governance, Risk, and Compliance) is the primary technical resource supporting the objectives of the GRC team for Wynn Resorts North America. This role owns and optimizes control testing procedures to be executed either by the InfoSec GRC team of analysts or various automation tools, and organizes supporting documentation including architecture diagrams, data flow diagrams, vendor documentation, etc. to demonstrate effectiveness to internal and external auditors. This role will be key in growing the technical maturity of the GRC program, reporting to the Manager – IT GRC, with general direction from the VP of Information Security and CISO and Executive Director of Information Security Engineering. The GRC team supports one of the four pillars of Information Security under the Chief Information Security Officer; the others are Architecture & Engineering, Incident Response, and Identity & Access Management.

Requirements

College diploma or university degree in computer science or related discipline and/or 4 years of equivalent work experience.
Four Years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
Effectively translate industry regulations, standards, and internal controls to all audience types, including non-technical stakeholders and highly technical IT engineers and architects.
Excellent ability to collaborate with other teams with alternative or conflicting areas of focus.
Working knowledge of Information technology systems at the application, data, operating system, virtualization, storage, and networking layers.
Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
Researching and locating information related to internal and external organizations using online and other sources.
Troubleshooting and operating a computer and various software packages.
Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions.
Using judgment and ingenuity in maintaining objectives and technical standards.
Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.
Comprehend technical language and to confer, analyze and write in an objective, lucid manner.
Work independently and prioritize multiple tasks and adapt to needed changes.
General ability to pull data from database tables, database views, application sources, and other data stores for the purpose of compliance reporting.
Poise and ability to act calmly and competently in high-pressure, high-stress situations.
Familiarity with state, local, federal, and gaming laws & regulations, as well as risk assessment and management methodology.
Must be a critical thinker with strong problem-solving skills.
Remain calm under high pressure/difficult situations.
Maintaining confidentiality.

Nice To Haves

Strong consideration given for compliance related certification or trainings, specifically with one or more of the following certifications or training: CISA, PCI-ISA, Splunk Searching and Reporting.

Responsibilities

Implements, operationalizes, and improves technical solutions to support effective and auditable compliance to applicable industry standard and regulations (SOX, PCI, MICS, NIST, HIPAA, etc.)
Review and continuously improve written compliance audit and due diligence procedures for execution by various technical and non-technical staff, including GRC analysts, internal auditors, and IT staff.
Support and maintain all systems where GRC is the business stakeholder, including tools used for audit automation, asset management, application inventory, change management, and vulnerability management.
Identify, evaluate, recommend, and implement technical improvements to mitigate control failures and gaps for stakeholders.
Own and maintain the technical details within the Wynn GRC control framework, including accurate scoping of systems and networks, technical interpretations of controls, descriptions of artifacts, etc.
Conducts periodic reviews of audits to optimize audit procedures and technical artifacts.
Operate as the technical subject matter expert to respond to inquiries from third-party assessors and auditors.
Collaborate with peers and management in various teams to ensure enterprise technical compliance requirements are effectively operationalized.
Support corporate compliance for the patch management process through reporting and technical interpretation of system vulnerabilities.
Track operational remediation efforts against defined Service Level Agreements (SLAs).
Lead efforts to validate production changes to improve quality and accountability of system changes.
Remain current on best practices and technological advancements and act as a technical resource for security assessment and regulatory compliance.
Oversee all training for IT GRC across IT and various business units.
Evaluates risks and develops security standards, procedures, and controls to manage risks.
Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
Understand and enforce all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, NIST, and jurisdictional specific Minimum Internal Control Standards (MICS).
Other duties as assigned.