Hard Rock International


Information Security Officer


Job ID: 2017-3383
# of Openings: 1
Job Locations: US-NJ-ATLANTIC CITY
Posted Date: 12/6/2017
Category: Information Technology


Overview

The Information Security Officer performs several core functions for the enterprise. The first is overseeing the operations of the enterprise’s security solutions through management of the organization’s security analysts. The second is establishing an enterprise security stance through policy, architecture and training processes. The third is developing and performing ongoing testing of the company’s Disaster Recovery and Business Continuity plans. The fourth is developing and maintaining the company’s PCI compliance plan to ensure full PCI compliance. Secondary tasks will include the selection of appropriate security solutions, and oversight of any vulnerability audits and assessments. The Information Security Officer is expected to interface with peers in the Applications, Systems and Network departments as well as with the leaders of the business units to both share the corporate security vision with those individuals and to solicit their involvement in achieving higher levels of enterprise security through information sharing and co-operation.

Responsibilities

 

  • Develop and maintain access authorization matrixes and other computer security controls used to ensure appropriately limited access to computer software and data.
  • Monitor and review logs of user access, security incidents, and unusual transactions.
  • Ensure compliance with all corporate, state and federal information security policies and regulations.
  • Coordinate the development of the casino’s information security policies, standards and procedures by working closely with key IT staff, data custodians and governance groups in the development of such policies.
  • Coordinate the development of an education and training program on information security and privacy matters for employees and other authorized users.
  • Prepare and maintain security related reports and data.
  • Work with internal and external audit to ensure all findings are addressed in a timely and effective manner.
  • Develop and implement an Incident Reporting and Response System to address security breaches, policy violations and complaints from external parties.
  • Serve as the official contact for information security and data privacy issues, including reporting to law enforcement.
  • Develop and implement an ongoing risk assessment program targeting information security and privacy matters.
  • Recommend methods for vulnerability detection and remediation, and oversee vulnerability testing.
  • Keep abreast of the latest IT security and privacy legislation, regulations, advisories, alerts and vulnerabilities to ensure the licensee’s security program and security software are current.
  • Oversee the deployment, integration and initial configuration of all new security solutions and of any enhancements to existing security solutions in accordance with standard best operating procedures in general and the enterprise’s security documents in particular.
  • Ensure the confidentiality, integrity and availability of the data residing on or transmitted to/from/through enterprise workstations, servers and other systems and in databases and other data repositories.
  • Ensure the enforcement of enterprise security documents.
  • Supervise all investigations into problematic activity and provide on-going communication with senior management.
  • Supervise the design and execution of vulnerability assessments, penetration tests and security audits.
  • Perform regular security awareness training for all employees to ensure consistently high levels of compliance with enterprise security documents.
  • Engage in ongoing communications with peers in the Applications, Systems and Networking groups as well as the various business groups to ensure enterprise-wide understanding of security goals, to solicit feedback and to foster co-operation.
  • Supervises IT Security Analyst.
  • Performs all other related and compatible duties as assigned.
  • Promotes outstanding customer relations.
  • Manage and/or provide guidance to junior members of the team.

Qualifications

  • A Bachelor’s degree in Information Systems, Information Security or equivalent training and experience is required.
  • At least five years’ equivalent work experience in a similar role.
  • Strong organizational skills and a high degree of initiative.
  • Ability to adjust priorities and manage time appropriately and wisely in a fast-paced environment or under pressure.
  • Project management skills a definite asset.
  • Strong understanding of the organization’s goals and objectives.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed, with keen attention to detail.
  • Proven analytical and problem-solving abilities.
  • Ability to effectively prioritize tasks in a high-pressure environment.
  • Strong customer service orientation.
  • Experience working in a team-oriented, collaborative environment.
  • Preference given to candidates with applicable certifications from organizations such as Offensive Computing, SANS Institute, etc.
  • Prior experience in internet-based systems administration.
  • Prior experience in working collaboratively with third-party providers of IT, hosting and information security services.
  • Prior experience in regulated IT environments.
  • Prior experience with information security standards and best practices in e-commerce settings.

Technical Requirements


  • In-depth understanding of the components present within an enterprise network (Firewall/Switch/Load Balancer/IPS).
  • Knowledge of modern server hardware.
  • Knowledge of IBM AS/400.
  • Broad expertise in Information Security.
  • Experience working with IP networking, networking protocols and understanding of security-related technologies including encryption, IPsec, VPNs, firewalls, proxy services, DNS, electronic mail and access-lists.
  • Experience working with internet, web, application and network security techniques.
  • Experience working with Windows operating system security.
  • Experience working with leading firewall, network scanning and intrusion detection products and authentication technologies.
  • Extensive experience in enterprise security architecture design.
  • Extensive experience in enterprise security document creation.
  • Experience in designing and delivering employee security awareness training.
  • Experience in developing Business Continuity Plans and Disaster Recovery Plans.
  • Experience with PCI DSS a must.
  • Certifications such as CISSP, CBCP, GPEN, GSNA preferred.
  • Knowledge of CIS Benchmarks and NIST standards preferred.
  • Knowledge of ISO 27000.