Compliance Specialist

Wind Creek Hospitality - Atmore, AL (28 days ago)


Job Overview:

The IT Security Compliance Specialist is responsible for ensuring that IT operational and security policies adhere to regulatory and legal compliance standards such as PCI, SOX, HIPAA, ISO 27001 and NIST Cybersecurity Frameworks. The Compliance Specialist monitors, measures and reports on the effectiveness and efficiency of IT operational and security processes, procedures and controls designed to meet compliance requirements and company policies.

Purpose:

Our genuine engagement and positive energy provide guests, especially women, an escape from their ordinary world into our exciting fantasy world of play, chance, and possibility. With this contribution, we give them a feeling of belonging and importance.

Value System:

Our enthusiastic commitment to our purpose inspires and empowers us to do everything right, have fun, and be the best. We will be recognized fairly, elevating our levels of personal accountability, and focus on our customer. The resulting creation of wealth will grow opportunities for all.

Duties and Responsibilities:

  • Collaborates with members of the Security, Networking, Applications, Regulatory Compliance, General Counsel and other departments
  • Participates with internal and external stakeholders in the design process to translate compliance and regulatory requirements into controls, processes and systems
  • Identifies and documents specific security issues, proposes resolution options and interprets matters from the perspective of involved stakeholders
  • Helps develop appropriate information security policies, standards, procedures, checklists and guidelines using generally-recognized security concepts tailored to meet the requirements of the organization
  • Maintains a repository of internal and external control documents, service tickets, audit records, reports and other supporting documentation
  • Evaluates and reports on the effectiveness of existing policies, standards, procedures, controls, artifacts, metrics and security solutions used to support the security compliance program on a scheduled (weekly, monthly, quarterly, annual) basis
  • Monitors the impact of changes in the IT regulatory and security landscape, related laws, regulations and industry standards, specifically as related to internal technology controls
  • Helps determine scope of onsite visits, audits, and assessments as defined by contracts and regulatory requirements
  • Tracks and communicates audit schedules, document requests, progress of remediation tasks, resources and assigned deadlines to appropriate stakeholders and management
  • Gathers, reviews, stores, and delivers approved responses to internal and external data requests
  • Serves as a liaison for information technology departments during assessments and/or audits of IT systems, processes and IT controls
  • Participates in continuing education opportunities to remain current on developments in the information security and audit professions
  • Aids in the development of goals and objectives for the information security training, education and awareness program
  • Other duties and responsibilities as assigned

Job Requirements: (please ensure you meet the listed requirements prior to applying)

  • High School diploma or GED required, or must be currently enrolled in and successfully complete a GED program within 6 months from start date as a condition of continued employment
  • Must be twenty-one (21) years of age or older
  • Bachelor’s Degree in Information Security, Information Protection, Computer Information Systems, Computer Science, Computer Engineering, Information Systems Management or related field - required
  • Three (3) years' experience with internal or external information technology or IT security audits spanning at least two (2) full cycles of any two (2) of the following: NIGC/TGC, NIST 800-53 (FedRAMP RMF), NIST CSF, SSAE16 or 18 SOC1/SOC2, SOX, PCI-DSS, HIPAA, ISO 27001, CIS CSC, or similar - required
  • Professional certifications: CISA, Security+, SSCP, CISSP, or GSNA - preferred
  • Extensive experience in a service-focused industry, with Food and Beverage applications, various gaming applications and hotel applications experience - preferred
  • Technical writing, regulatory, legal, quality assurance, audit or policy experience - preferred
  • Experience developing, documenting and maintaining security policies, procedures and processes
  • Detail-oriented self-starter with the ability to work independently with limited supervision in collaborative team environments
  • A strong ability to multi-task and manage varying priorities and projects
  • Excellent interpersonal, verbal, and written communication skills with the ability to communicate security risk and compliance related concepts to technical and non-technical staff
  • Ability to provide support after normal business hours
  • Familiarity with privacy laws, data protection, security regulations and frameworks, e.g. NIGC/TGC, GDPR, HIPAA, PCI-DSS, NIST CSF, ISO 27000 and COBIT
  • Familiar with generally-accepted security methods, concepts, techniques, and solutions
  • Possess a general understanding of underlying infrastructure architecture including WANs, LANs, Internet, intranets, cloud computing, and communication protocols such as TCP, UDP, and IPsec
  • Excellent time management and related organizational skills, including appropriate sense of urgency, a proactive approach and a suitable ability to anticipate and manage operational events, issues and obstacles
  • Foundational understanding of change management, asset management, LAN/WAN, endpoint and datacenter OS, applications, IT security applications and techniques, e.g. FIM, IDS, IPS, Web filtering, anti-virus, etc.
  • Good understanding of the organization’s goals and objectives
  • Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency situations
  • Ability to present ideas in user-friendly language; highly self-motivated and directed, with keen attention to detail
  • Willing to travel outside of the United States (valid passport is a plus)
  • Willing to work odd and irregular hours including nights, weekends, and holidays
  • Willing to travel and participate in training as recommended or required
  • Must have a valid and current State Driver’s License and an insurable driving record for purposes of driving company vehicles as required
  • Must have a Tribal Gaming License (or the ability to obtain and maintain a license) as a requirement for this position
  • Must have willingness and ability to work in a smoke/secondary smoke environment

NATIVE AMERICAN INDIAN PREFERENCE IN HIRING POLICY SHALL BE ADHERED TO AT ALL TIMES

Job Type: Full-time

Experience:

  • FedRAMP: 3 years (Required)
  • SOX: 3 years (Required)
  • Technical Writing: 1 year (Preferred)
  • Contracts: 1 year (Preferred)
  • IPS: 3 years (Required)