ISA Risk/Compliance Analyst II

Seneca Gaming Corporation, Niagara Falls, NY

About The Position

This role is directly responsible for ensuring the confidentiality, integrity, and availability of the company’s information assets within a blended information security framework, adhering to published guidance from CIS, NIST, PCI DSS, ISACA (COBIT), and NIGC, alongside a pragmatic, risk-based approach. The analyst will be engaged in developing and interpreting information security programs and policies, providing a full range of services for implementation, enforcement, and compliance, and promoting information security awareness across the enterprise. Key responsibilities include guiding and supporting Seneca Gaming Corporation (SGC) business units during audits, coordinating between the IT department and audit participants, and acting as a primary information assurance resource on business-driven project teams, while also mentoring other information assurance resources. The position champions and drives continuous improvement within governance, risk, and compliance areas, ensuring all duties align with SGC’s policies, procedures, Internal Control Standards, and objectives.

Requirements

  • Must be 18 years of age or older upon employment.
  • Bachelor’s Degree in an Information Technology related field.
  • Minimum of three (3) years of work experience in a related Information Technology role is required.
  • An equivalent combination of education and/or experience may be substituted for the above requirements.
  • ISACA CISA certification is required.
  • Experience with the IT audit/assessment process (ITGC, SOX, PCI).
  • Experience with Microsoft Active Directory environment and baseline concepts required.
  • Experience with IBMi (aka, AS/400, iSeries, System i) environment, commands, and utilities required.
  • Understanding of networking principles and standards.
  • Experience with information security tools and utilities.
  • Experience with network security practices.
  • Experience with email applications required.
  • Must be able to demonstrate proficiency in Microsoft Windows and Microsoft Office.
  • Must be able to learn all production applications/systems well enough to understand the security requirements of each position.
  • Must possess excellent communication skills.
  • Must possess excellent analytical skills.
  • Must be resourceful, utilizing all resources that are available to resolve issues.
  • Must have the ability to resolve problems/conflicts in a diplomatic and tactful manner.
  • Must be able to work with little direction and supervision.
  • Must demonstrate good judgment.
  • Must be a team player with strong interpersonal skills.

Nice To Haves

  • GIAC (Global Information Assurance Certification)/GSNA (GIAC Systems & Network Auditors) certification or equivalent background is recommended.
  • Microsoft Outlook experience preferred.
  • Previous experience working in a hospitality or financial services environment is desired.

Responsibilities

  • Directly responsible for leading Information Security & Assurance (ISA) governance support, focusing on all aspects of regulatory compliance, with particular emphasis on Sarbanes Oxley (SOX), PCI, MICS, ITGC and other industry and regulatory compliance requirements.
  • Analyzes information security risks, and develops and proposes appropriate information security controls in line with industry-accepted frameworks, standards, guidelines, and best practices. Recommends changes to existing controls to improve information security risk posture and in response to changes in risk.
  • Directly responsible for all ISA audit & review functions to include direct liaison with the primary regulatory entity.
  • Directly responsible for all SGC ITGC internal control testing, validation, and any required remediation coordination.
  • Drives all communications of accurate and timely information to all external and internal stakeholders concerning information technology audit status and other inquiries.
  • Functions as lead for Information Assurance processes, procedures, and specifications as part of continuous organizational improvement initiatives.
  • Schedules and facilitates ongoing reviews of internal policies, processes, and procedures while assessing compliance, identifying weaknesses or gaps, and tracking through remediation.
  • Plans, performs, and leads IT audit assignments to assess the efficiency and effectiveness of business processes and related controls.
  • Drives all communications with departmental leadership to understand applicable policies; assists with development of procedures for their staff which will meet or exceed policy and compliance standards, achieve practical and efficient workflow, and support business objectives.
  • Prepares detailed documentation that provides evidence that audits were conducted in accordance with SGC standards.
  • Drafts, prepares, and submits audit evidence requests.
  • Assists with baseline SGC Information Security operational functions, systems reviews, and report reviews.
  • Assists the SGC Internal Audit team and/or department heads in developing risk assessments and annual plans with specific emphasis on IT systems and applications.
  • Assists the SGC internal Legal team with review and formulation of pertinent information security/assurance language for contracts.
  • Assists the SGC internal Application Support team (acting as ISA liaison) on initiatives involving core enterprise applications (ACSC, LMS, SWS, Infinium, Kronos, InfoGenesis, and others as required).
  • Functions as administrative lead for system access authorization components of SGC’s Identity & Access Management Program.
  • Functions as administrative lead for SGC’s Change Management Program.
  • Functions as administrative lead for SGC’s PCI Compliance Program.
  • Functions as the lead for ISA metric report generation and presentation.
  • Functions as lead for Information Security & Assurance systems (hardware/software) contract maintenance functions.
  • Functions as lead for administration of any ISA-specific SharePoint site and associated content.
  • Provides primary oversight for ISA resource work order assignments to confirm all are mapped to defined standards.
  • Provides primary oversight for ISA resource project assignments to confirm all deliverables are mapped to defined standards.
  • Develops and delivers progress reports, proposals, requirements documentation and presentations.
  • Keeps abreast of the latest threats and vulnerabilities through independent study, and researches related technologies.
  • Represents ISA interests in core departmental meetings.
  • All work products must comply with Internal Controls, Minimum Internal Control Standards (MICS), Sarbanes-Oxley (SOX), and Payment Card Industry DSS (PCI DSS).
  • Maintains a working knowledge and practical application of information security principles and practices as they relate to the job responsibilities. Proactively assesses potential risks and vulnerabilities within the environment.
  • Maintains a current understanding of all policies and guidelines regarding information security, including the Seneca Gaming Corporation Acceptable Use Policy. Understands and complies with all information security policies and procedures at all times.
  • Provides exceptional customer service to all patrons and communicates in a pleasant, friendly, and professional manner at all times. Maintains a professional work environment with supervisors, managers, and staff.
  • Must complete all required SGC Training programs within nine (9) months from commencement of employment in this position.
  • Duties, responsibilities, requirements and expectations pertaining to this job are subject to change as needed. Hours are determined by a 24-hour schedule.