Information Security Manager

About The Position

Requirements

• Must be at least 21 years of age.
• High School Diploma or GED equivalent, required.
• Bachelor's in computer science or related field, or equivalent work experience, required.
• Industry-recognized information security certification(s) required or preferred, with expectation to obtain additional certifications as part of ongoing professional development, such as: Security+, SSCP, or equivalent (required)
• Minimum of five (5) years of progressive experience in information security, including hands-on involvement in security operations, risk assessment, incident response, vulnerability management, and policy or security control development, preferred.
• Any combination of education, experience, and training that provides the required knowledge, skills, and abilities.
• Must have excellent verbal and written communication skills to promote a positive and professional image.
• Must be able to provide evidence of eligibility to work in the United States of America.
• Ability to obtain and maintain a valid Soboba Tribal Gaming Commission license.
• Required to submit to and obtain negative results on all drug and/or alcohol testing.

Nice To Haves

• CISSP or CISM (preferred)
• Other relevant security certifications (e.g., CRISC, GIAC) are a plus
• Broad hands-on knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices, preferred.
• In-depth technical knowledge of enterprise network, endpoint, and platform operating systems within heterogeneous environments, preferred.
• Working technical knowledge of enterprise operating systems and platforms across Windows and Linux-based environments, preferred.
• Strong knowledge of TCP/IP and network administration/protocols, preferred.
• Hands-on experience with devices such as hubs, switches, and routers, preferred.
• Knowledge of data privacy and data protection practices, along with familiarity with information security frameworks and best practices such as NIST, CIS, and ISO standards, preferred.

Responsibilities

• Lead and oversee the organization’s centralized information security program across Tribal Administration and Casino operations.
• Develop, maintain, and enforce enterprise-wide information security policies, standards, and procedures.
• Establish security governance, risk management processes, and exception handling frameworks.
• Establish and oversee formal risk acceptance, exception, and compensating control processes in coordination with IT leadership and executive management.
• Oversee security incident response coordination, escalation, and communication with leadership and stakeholders.
• Provide oversight of vulnerability management, audit activities, and remediation prioritization.
• Coordinate disaster recovery and business continuity security requirements in partnership with IT and business teams.
• Serve as the primary point of contact for security-related audits, assessments, and regulatory reviews.
• Engage with vendors, service providers, and partners on security requirements and risk management.
• Provide leadership, guidance, and mentorship to information security staff.
• Assess enterprise security risks and provide regular reporting to IT leadership and executive management.
• Guide security strategy, roadmap planning, and prioritization aligned with business objectives.
• Establish and maintain a risk-based approach to information security prioritization and decision making.
• Oversee third-party and vendor security risk management activities.
• Ensure security incidents are reviewed for root cause analysis and lessons learned.
• Develop and report security metrics, risk summaries, and program status to leadership, including key performance indicators (KPIs) and key risk indicators (KRIs).
• Participate in continuous improvement of the information security program based on evolving threats, technologies, and organizational needs.
• Promote security awareness and best practices across the organization, including implementation of comprehensive training programs and phishing simulations.
• Provide input into the design and architecture of new systems to ensure secure implementation and alignment with enterprise security standards.
• Establish and maintain threat intelligence capabilities to proactively identify and respond to emerging threats.
• Lead data protection initiatives, including compliance with applicable privacy regulations (e.g., GDPR, CCPA), and oversee data classification and handling policies.
• Oversee security for cloud-based services and emerging technologies, ensuring secure adoption and integration.
• Support and promote diversity, equity, and inclusion within the IT and security teams.
• Perform special projects and other responsibilities, tasks, or duties as requested.

Benefits

• 401k Plan
• Basic Life Insurance (employer paid) with the option to purchase Supplemental Life Insurance
• Medical available to employees at a significantly reduced cost. Dental & Vision paid for the employee.
• Employee Assistance Program
• Wellness Program (Annual Health Fair, Wellness Education, and Incentive Programs)
• Paid Time Off
• Reward and Recognition Program (Quarterly, and Annually)
• Team member Incentives
• Discounted Team member meal