Isa Risk/Compliance Analyst I

Seneca Gaming Corporation
Niagara Falls, NY

About The Position

Creates and interprets information security policies and assists with their implementation and enforcement. Promotes information security awareness and monitors compliance with enterprise information security policies. Responsible for providing guidance and support for SGC business units during applicable audits. Assists with the coordination between IT and internal/external audit participants by acting as the liaison. Relies on pre-established policies and procedures to perform the functions of the job. All duties are to be performed within the guidelines of the Seneca Gaming Corporation’s policies and procedures, Internal Control Standards and objectives.

ESSENTIAL FUNCTIONS AND RESPONSIBILITIES:

1. Responsible for providing Information Assurance and Security governance support, focusing on all aspects of regulatory compliance, with particular emphasis on Sarbanes Oxley (SOX), PCI, MICS, ITGC and other industry and regulatory compliance requirements.
2. Responsible for scheduling and facilitating EIA applicable daily, quarterly and annual audit functions.
3. Responsible for testing SGC ITGC internal controls on a scheduled basis.
4. Provides accurate and timely information to all external and internal stakeholders concerning information technology audit status and other inquiries.
5. Documents and refines Information Assurance processes, procedures, and specifications for continued organizational improvement.
6. Schedules and facilitates ongoing reviews of internal policies and procedures, assessing compliance, identifying weaknesses or gaps and tracking them through remediation.
7. Plans, performs, and leads IT audit assignments to assess the efficiency and effectiveness of business processes and related controls.
8. Communicates with department leadership to understand applicable policies; assists in developing procedures for their staff which will meet or exceed policy and compliance standards, achieve practical and efficient workflow, and support business objectives.
9. Develops and distributes reports that include findings and recommended remediation steps.
10. Prepares detailed documentation that provides evidence that audits were conducted in accordance with SGC standards.
11. Drafts, prepares, and submits audit evidence requests.
12. Assists the SGC Internal Audit team and/or department heads in developing risk assessments and annual plans with specific emphasis on IT systems and applications.
13. Develops and delivers progress reports, proposals, requirements documentation and presentations.
14. Keeps abreast of the latest threats and vulnerabilities through independent study, and researches related technologies.
15. All work products must comply with Internal Controls, Minimum Internal Control Standards (MICS), Sarbanes-Oxley (SOX), and Payment Card Industry DSS (PCI DSS).
16. Maintains a working knowledge and practical application of information security principles and practices as they relate to their job responsibilities. Proactively assesses potential risks and vulnerabilities within the environment.
17. Maintains a current understanding of all policy and guidelines regarding information security, including the Seneca Gaming Corporation Acceptable Use Policy. Understands and complies with all information security policies and procedures at all times.
18. Provides exceptional customer service to all patrons and communicates in a pleasant, friendly and professional manner at all times. Maintains a professional work environment with supervisors, managers and staff.
19. Must complete all required SGC Training programs within nine (9) months from commencement of employment.
20. Duties, responsibilities, requirements and expectations pertaining to this job are subject to change as needed.

Hours are determined by a 24-hour schedule.

Requirements

  • Must be 18 years of age or older upon employment.
  • Bachelor’s Degree in an Information Technology related field.
  • Minimum of one (1) year of work experience in a related Information Technology role is required.
  • An equivalent combination of education and/or experience may be substituted for the above requirements.
  • Experience with the IT audit process (PCI, ITGC, SOX).
  • Understanding of networking principles and standards.
  • Experience with information security tools and utilities.
  • Experience with IBMi (aka, AS/400, iSeries, System i) environment, commands, and utilities required.
  • Experience with network security practices.
  • Experience with email applications required, Microsoft Outlook experience preferred.
  • Must be able to demonstrate proficiency in Microsoft Windows and Microsoft Office.
  • Must possess excellent communication skills.
  • Must possess excellent analytical skills.
  • Must be resourceful, utilizing all resources that are available to resolve issues.
  • Must have the ability to resolve problems/conflicts in a diplomatic and tactful manner.
  • Must be able to work with little direction and supervision.
  • Must demonstrate good judgment.
  • Must be a team player with strong interpersonal skills.
  • Must be able to stand, walk, and move through all areas of the casino.
  • Must be able to maintain physical stamina and proper mental attitude to work under pressure in a fast-paced casino environment and effectively deal with customers, management, employees, and members of the business community in all situations.

Nice To Haves

  • ISACA CISA Certification is strongly preferred.
  • CompTIA Security+ Certification is preferred.
  • MCITP: Server Administrator Certification is preferred.
  • Previous experience working in a hospitality or financial services environment is desired.
