it security manager

Brief Description
Job Title:
IT Security Manager

Department:
Information Technology

Reports To:
Director of Information Technology

Summary
The IT Security Manager performs two core functions for the enterprise. The first is overseeing the development and operations of the enterprise's security policies, procedures and solutions through management as well as "hands on" working skills with the organization's security analysts, technical training and applicable third party resources. The second is establishing enterprise security governance through policy, architecture, administrative procedures and training processes. Tasks will include the selection of appropriate security solutions and their application, oversight and execution of any vulnerability audits and security assessments. The IT Security Manager is expected to direct and manage security-related projects from beginning to end and interface with their peers in the Project Management Office (PMO), Network, Help Desk and Applications departments as well as with the leaders of the business units to both share the corporate security vision, communicate on security related topics/issues with Casino Arizona management and to solicit their involvement in achieving higher levels of enterprise security through information sharing, training and co-operation.

Supervisory Responsibilities
The IT Security Manager directly manages the Senior Technical Trainer, Technical Trainer and Security Analyst who address threat as well as issue management and provisioning in the Information Technology Department. Supervisory duties include interviewing, hiring, and training employees; determining personnel requirements, setting schedules; planning, assigning, and directing work; and insuring that those under their direction have adequate resources to complete their jobs. Other responsibilities also include appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems. This position carries out supervisory responsibilities in accordance with the organization's policies and applicable laws.

Essential Duties and Responsibilities
include the following. Other duties may be assigned.

• Develop, maintain, and publish all corporate-level information security standards, procedures, and guidelines, including compliance monitoring (auditing) procedures.
• Design, review and implement security structures to support the data and systems security needs.
• Oversee and measure the success of the change management program including change review and approval to ensure readiness of changes.
• Work with technical and business leadership to establish, implement and maintain adequate network perimeter protection.
• Oversees the continuous monitoring of cyber security activities including penetration testing and vulnerability management.
• Implements and maintains security controls to be in alignment with CIS and NIST Cyber Security Framework.
• Supports and optimizes IAM Architecture with implementation of IAM projects.
• Ensures that applications are developed and deployed to align with privacy principles, especially those around minimal use, disclosure and retention.
• Provide thought leadership, technical guidance on systems management and operations along with best practices. Assist in the identification, evaluation, and implementation of security tools, techniques, and mechanisms to meet business needs.
• Review project deliverables as they impact security architecture and work with the Project Management Office (PMO) to ensure mechanisms are in place for compliance to all technical security policy and process as part of project delivery.
• Enforces department policies and procedures, the gaming compact, tribal gaming agency and laws of the tribal community and federal government as well as requirements surrounding HIPAA, PCI-DSS and 3rd party compliance requirements.
• Implements training programs for applications as well as on-boarding oversight for all employees who will have access to data and business applications.
• Promotes information security awareness across all enterprise locations

Education And/or Experience

• Bachelor's degree (BA/BS) in Computer Science or related field or equivalent technical certifications and education.
• 2 or more years of required experience managing an IT Security team and holding team members accountable for job performance.
• 3+ years of required experience demonstrating the ability to create, update, and manage security related policies and procedures.
• 1 or more years of required experience negotiating technical support contracts with vendors and managing the activities of third-party System Integrator contractors/consultants
• Substantial proven information security technical lead experience (3 or more years) in a major implementation in a medium or larger business setting.
• Working knowledge of PCI-DSS and HIPAA regulations is required
• Ability to manage multiple projects, activities, and tasks simultaneously is required.

Preferred Job Experience Includes

• Direct work experience in project management capacity, including all aspects of process development and execution.
• Demonstrated working knowledge of managing the network infrastructure, communications devices, protocols, server, and endpoint technologies.
• Demonstrated ability in driving security awareness programs from top to bottom.
• Facilitation of change management boards meetings.
• Understanding of Identity and Access Management technologies (SSO, SAML, Federation, etc.).
• Demonstrated ability with perimeter security, including hands-on experience with SIEM, Firewalls, IDS/IPS.
• Experience with leading information security frameworks such as NIST 800-53, NIST CSF, and ISO27001/2.

Certificates, Licenses, Registrations
The candidate should have deep experience with Cisco, Microsoft, Oracle, and others technologies. They need to constantly improve their knowledge in the information security space and have active professional certifications such as CISSP, CISM, and CGEIT.

While, industry-specific knowledge Gaming, Accounting, Operations and Marketing is a plus, it will not preclude a review and possible insertion to the position. Critical to the role is that the individual must have must be able to work flexible hours, including hours beyond the normal schedule when necessary and recognize that occasional travel may be required as needed.

Language Skills
Must be able to read, write, speak, and understand English.

Physical Demands
While performing the duties of this Job, the employee is regularly required to stand for prolonged periods of time; walk; use hands and fingers to handle, or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl and talk or hear. The employee must regularly lift and /or move up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.

Work Environment
While performing the duties of this Job, the employee is regularly exposed to secondary smoke. The noise level in the work environment is usually moderate to loud.