Information Security Manager - Governance, Risk & Compliance - Remote
Full Time
Brooks, CA 95606
Posted
Job description
Description & Requirements:
Essential Duties and Responsibilities include the following. Other duties may be assigned.
Governance
Evaluate performance of current IT processes and make recommendations on improvements from a security perspective.
Work with IT to ensure proper documentation whether it be architecture (physical, conceptual, logical), process/procedure, and/or data flow documents.
Implement and oversee the change management process and procedures with a focus on elevating the process to alleviate risk of downtime while streamlining efficiency in the Change Management process.
Assist in the development and implementation of effective and reasonable standards, policies and practices.
Risk
Create risk indicators based on current state of the company assets which are updated and presented to the board on a periodic basis.
Conduct periodic penetration tests, facilitate security tabletops, security simulations.
Liaise with the IT project management office to acquire budget and resources to remediate risks as appropriate.
Compliance
Implement processes and/or tools to continuously monitor information security controls, exceptions, risks, testing to meet regulatory and legislative requirements.
Develop reporting metrics, dashboards, and evidence artifacts.
Update security controls and provide support to all stakeholders concerning internal assessments, protecting Personally Identifying Information (PII) data for both guests and employees.
Take a best practice approach to information security to balance secure operations with innovation.
Security Awareness
Target periodic security awareness content based on the audience (executives, managers, contributors).
Utilize risk indicators, phishing campaigns, indicators of compromise and current trends to develop meaningful education topics.
Collate and share statistics on security awareness effectiveness and adoption.
Supervisory Responsibilities
Qualifications
Education and/or Experience
Language Skills
Mathematical Skills
Reasoning Ability
Age Requirement
Certificates, Licenses, Registrations
Physical Demands
While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle or feel; and talk or hear. The employee is occasionally required to stand or walk; and reach with hands and arms. The employee may occasionally lift and/or move up to 10 pounds.
Work Environment
While performing the duties of the job, the employee is occasionally exposed to secondhand tobacco smoke. The employee occasionally works near moving mechanical parts and electricity. The noise level in the work environment is usually moderate.
Summary
The Information Security Manager of Governance, Rick & Compliance plays a vital role in keeping Cache Creek Casino Resort’s proprietary and sensitive information secure. The Information Security Manager works across departments to identify and correct flaws in the company’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security posture. This individual is responsible for ensuring that the company's digital assets are protected from unauthorized access.
Essential Duties and Responsibilities include the following. Other duties may be assigned.
Governance
Lead the company’s information security compliance program, ensure IT activities, processes, and procedures meet defined requirements, and policies.
Evaluate performance of current IT processes and make recommendations on improvements from a security perspective.
Work with IT to ensure proper documentation whether it be architecture (physical, conceptual, logical), process/procedure, and/or data flow documents.
Implement and oversee the change management process and procedures with a focus on elevating the process to alleviate risk of downtime while streamlining efficiency in the Change Management process.
Assist in the development and implementation of effective and reasonable standards, policies and practices.
Risk
Develop a risk management program which both quantifies and qualifies the level of risk in the enterprise network.
Create risk indicators based on current state of the company assets which are updated and presented to the board on a periodic basis.
Conduct periodic penetration tests, facilitate security tabletops, security simulations.
Liaise with the IT project management office to acquire budget and resources to remediate risks as appropriate.
Compliance
Ensure information security with relevant regulatory and legislative bodies while aligning with business objectives.
Implement processes and/or tools to continuously monitor information security controls, exceptions, risks, testing to meet regulatory and legislative requirements.
Develop reporting metrics, dashboards, and evidence artifacts.
Update security controls and provide support to all stakeholders concerning internal assessments, protecting Personally Identifying Information (PII) data for both guests and employees.
Take a best practice approach to information security to balance secure operations with innovation.
Security Awareness
Create an effective security awareness program that reaches and educates all employees on business risks and threats.
Target periodic security awareness content based on the audience (executives, managers, contributors).
Utilize risk indicators, phishing campaigns, indicators of compromise and current trends to develop meaningful education topics.
Collate and share statistics on security awareness effectiveness and adoption.
Supervisory Responsibilities
Directly supervises employees within the Information Technology department. Carries out supervisory responsibilities in accordance with the organization's policies, procedures, and applicable laws to include training employees, assigning, and directing work, evaluating performance, and addressing complaints and disciplinary problems.
Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed below are representative of the knowledge, skill and/or ability required.
Education and/or Experience
Three years related experience and/or training in Information Security; Bachelor’s degree in Computer Science or related technical field; or equivalent combination of experience and education. Must have understanding of computer-related security systems including firewalls, encryption, and password protection and authentication. Must be proficient, or able to gain proficiency with, a broady array of security software applications and tools.
Language Skills
Ability to read, analyze, and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.
Mathematical Skills
Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry. Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.
Reasoning Ability
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret a variety of instructions furnished in written, oral, diagram, mathematical or schedule form.
Age Requirement
Must be at least 21 years of age.
Certificates, Licenses, Registrations
Cache Creek Casino Resort Tribal Gaming License
Information security certifications (ISACA CISA, ISACA CISM, (ISC)2 CISSP, CompTIA Security+, CompTIA Network+) and Regulatory and Risk certifications (PCI-P, ISO-27001 CLA) preferred.
Physical Demands
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job with or without reasonable accommodations.
While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle or feel; and talk or hear. The employee is occasionally required to stand or walk; and reach with hands and arms. The employee may occasionally lift and/or move up to 10 pounds.
Work Environment
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job with or without reasonable accommodations.
While performing the duties of the job, the employee is occasionally exposed to secondhand tobacco smoke. The employee occasionally works near moving mechanical parts and electricity. The noise level in the work environment is usually moderate.
colinoncars.com is the go-to platform for job seekers looking for the best job postings from around the web. With a focus on quality, the platform guarantees that all job postings are from reliable sources and are up-to-date. It also offers a variety of tools to help users find the perfect job for them, such as searching by location and filtering by industry. Furthermore, colinoncars.com provides helpful resources like resume tips and career advice to give job seekers an edge in their search. With its commitment to quality and user-friendliness, colinoncars.com is the ideal place to find your next job.