Internal Audit & Compliance Specialist

Human Resources Department - NRT Technology Corp.•Toronto, ON

27d

About The Position

At NRT, we build more than solutions: we build up each other. NRT is a worldwide leader in future-ready FinTech and Information Technology designed to elevate and enhance the enterprise gaming industry. Our next-generation solutions encompass every aspect of the modern integrated resort, including secure payment systems, AML compliance and reporting tools, credit information and electronic marker services to intelligent and engaging table game platforms, dynamic financial and marketing kiosks, and our completely customizable digital gamification and mobile experiences. NRT has acquired JOINGO®, a revolutionary resort app engagement platform dedicated to unifying guest experiences, offering a seamless experience from booking to checkout through App Builder, which has more than 100 third-party integrations which are unmatched in the industry. Our strategic partnerships have resulted in the most convenient, reliable, and secure omni-channel payment ecosystem in the industry. Our collective solutions are used by casinos, race and sports operators, lotteries, banks, and retailers-- globally-- to dazzle their guests. We’re dedicated to building a better future for all, including environmental initiatives designed to reduce our carbon footprint. Some of our actionable initiatives include utilizing green energy, digitizing our internal processes, and implementing our unique cashless solutions. NRT believes in the value of connection and community. We believe that our diversity in skills and background make us a unique and formidable culture. Additionally, we believe in encouraging the growth of individual development, and recognize that our success depends on developing each other. We know that to be the innovative FinTech leader that we are, it’s all hands on deck. NRT knows that to stand firm, we need to stand together. Our innovative products and success allow us to reward you with competitive salaries, paid time off, individual growth plans, community sharing, collaboration, Health Benefits (including medical, vision, dental, EAP, etc) and more. NRT has metrics designed to get you to where you want to be in your career, and we are your biggest advocate for professional development. We provide training, product knowledge demos, tiered-lever skill building, development workshops, teambuilding exercises, webinars, collaboration, and more. Joining NRT is more than a job: it’s an opportunity to grow and discover. To learn more about who we are and what we do, visit our website at www.nrttech.com. Reporting directly to SVP, IT Infrastructure and their designates, the Internal Audit & Compliance Specialist will be a key member of Security and Compliance team to analyze, assess and design effective security controls to help achieve PCI compliance, privacy compliance, and to improve enterprise-wide security.

Requirements

5+ years’ experience in Information Security and performing compliance assessments
Master’s degree in information security or equivalent
5+ years’ experience of Level-1 assessment experience with solid understanding of PCI-DSS and PA-DSS
Proven experience with Information Security Management System (SOC2 Type 2, ISO 27001)
Experience with Cryptography
One of the certifications: CSSLP, CASE, GSSP, GWEB, CEH, OSCP, PenTest+ or GPEN
Experience with network architectures and network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations
Experience with audit experience for cloud computing environments (e.g., AWS, MS Azure, Google Cloud)
Experience with IT security principles and methods (e.g., firewalls, DMZ, encryption)
Experience with cyber defense and vulnerability assessment tools, including open source tools, and their capabilities (Nexpose, Nessus etc.)
Hands-on experience with penetration testing tools (Metasploit, Nessus etc.)
Knowledge of Risk Management Framework (RMF) requirements
Ability to work collaboratively with key stakeholders and other team members
Excellent time management, written documentation, and oral presentation skills
Current PCI-QSA or PCI-ISA qualification
Information Security: CISSP, CISM, ISO 27001 LI, RISS, CRISC
Audit: CISA, GSNA, ISO 27001 LA/IA, IRCA ISMS Auditor, IIA CIA

Responsibilities

Develop methods to monitor and measure risk, compliance, and assurance efforts
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
Draft statements of preliminary or residual security risks for system operation
Maintain information systems assurance and accreditation materials (PA-DSS, PCI-DSS, SOC, ISO27001 etc.)
Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements
Assess the effectiveness of security controls
Perform reviews, identify gaps in software architecture, and develop a risk management plan
Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations