Analyst - InfoSec GRC

About The Position

Requirements

• Bachelor of Science degree in computer science or similar discipline and/or a minimum of two (2) years of progressive broad-based information systems and business experience
• A minimum of two (2) years in Information Technology role and at least one-year (1) of business-unit experience, with sensitivity and commitment to business problem solving
• A minimum of two (2) years of applied work experience in audits, assessments, risk, remediation, cyber security programs, or cyber security compliance management highly preferred
• Strong consideration given for compliance related certification or trainings, specifically with one or more of the following certifications or training: CISA, PCI-ISA, Splunk Searching and Reporting
• Troubleshooting and operating a computer and various software packages. Knowledge of GRC tool techniques is a plus
• Comprehend technical language and to confer, analyze and write in an objective, lucid manner
• Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
• Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions
• General ability to pull data from database tables, database views, application sources, and other data stores for compliance reporting
• Familiarity with state, local, federal, and gaming laws & regulations, as well as risk assessment and management methodology
• Using judgment and ingenuity in maintaining objectives and technical standards
• Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process
• Effectively translate industry regulations, standards, and internal controls to all audience types, including non-technical stakeholders and highly technical IT engineers and architects
• Ability to gather requirements and perform analysis.
• Excellent ability to collaborate with other teams with alternative or conflicting areas of focus
• Poise and ability to act calmly and competently in high-pressure, high-stress situations
• Work independently and prioritize multiple tasks and adapt to needed changes
• Must be a critical thinker with strong problem-solving skills
• Must be able to maintain confidentiality
• This position requires a valid Nevada Gaming License which is required and must be obtained before entering this position. Must be 21 years of age or older
• This position is required to be in-office in Las Vegas Nevada, remote access is not an option for this role
• Visa Sponsorship is not available for this position

Responsibilities

• Assists with the implementation of the GRC program.
• Conducts routine audits as assigned.
• Conduct reviews of audits conducted by Compliance Analysts.
• Initiates, maintains, and revises policies, procedures and practices and its related activities to prevent any violations.
• Monitors the day-to-day Compliance activities.
• Collaborate with other departments to direct Compliance issues to appropriate existing channels for investigation and resolution.
• Consults with the Internal Audit Team as needed to resolve difficult Compliance issues.
• Ensuring and monitoring compliance with industry and government rules and regulations at all levels to support effective and auditable compliance with applicable industry standard and regulations (SOX, PCI, GAMING, NIST, HIPAA, etc.). This includes Asset Management auditing.
• Acts as an independent review and evaluation body to ensure that Compliance issues/concerns are being appropriately evaluated, investigated and resolved.
• Participation in all training for IT GRC across IT and various business units.
• Identifies potential areas of Compliance vulnerability and risk; develops/implements corrective action plans for the resolution of problematic issues and provides general guidance on how to avoid or deal with similar situations in the future.
• Assist to ensure the InfoSec department as well as the IT Departments goals are met.
• Other job duties may be assigned.