Job Title: IT Security Manager  

Department: Information Technology

Gaming License: Class III

FLSA Status: Exempt

Reports To: Director of Information Technology

Summary

The IT Security Manager performs two core functions for the enterprise. The first is overseeing the development and operations of the enterprise's security policies, procedures, and solutions through management as well as “hands-on” working skills with the organization's security analysts, technical training, and applicable third-party resources. The second is establishing enterprise security governance through policy, architecture, administrative procedures, and training processes. Tasks will include selecting appropriate security solutions and their application, as well as overseeing and executing vulnerability audits and security assessments. The IT Security Manager is expected to direct and manage security-related projects from beginning to end and interface with their peers in the Project Management Office (PMO), Infrastructure, Help Desk and Applications departments as well as with the leaders of the business units to both share the corporate security vision, communicate on security related topics/issues with Casino Arizona management and to solicit their involvement in achieving higher levels of enterprise security through information sharing, training and co-operation.

Supervisory Responsibilities

Directly supervises, reviews, and manages the daily activities of the Senior Technical Trainer, a Technical Trainer, and multiple Security Analysts who address threat as well as issue management and provisioning. Supervisor duties include interviewing, hiring, and training employees; planning, assigning, and directing work; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems. This position also coaches, mentors, guides, and instructs personnel in the proper performance of their duties, up to and including progressive discipline if necessary.

          Leadership Job Expectations: Fostering ECM Development through Pathways to Success Program

The Gaming Enterprises are committed to the employment and advancement of Enrolled Community Members (ECMs) of the SRP-MIC. The Gaming Enterprises’ Pathways to Success Program is a comprehensive program designed to provide ECMs with quality casino work experience, educational opportunities and to prepare them to become the Gaming Enterprises’ future leaders. Pathways to Success is designed to foster the participant’s preparedness for success on the job.

A Manager level leader is expected to actively support ECMs in their professional and academic goals through:

• Program Awareness and Communication: Maintain up-to-date knowledge of the Pathways to Success programs. Ensure all ECMs are informed about relevant opportunities.
• Mentorship and Coaching: Actively mentor ECMs, offering guidance on career pathways and facilitating connections to additional coaching resources as needed.
• Resource Allocation: Allocate time and budget to support ECMs’ participation in developmental activities, such as courses, certifications, or conferences.
• Development Planning: Collaborate with ECMs to create and regularly review individual development plans, setting measurable goals and tracking progress.
• Barrier Removal: Identify and address obstacles that may hinder ECMs’ career growth, advocating for their needs within the organization.

Essential Duties and Responsibilitiesinclude the following. Other duties may be assigned.

Develop, maintain, and publish all corporate-level information security standards, procedures, and guidelines, including compliance monitoring (auditing) procedures.

Design, review, and implement security structures to support the data and systems security needs.

Oversee and measure the success of the change management program, including change review and approval, to ensure readiness of changes.

Work with technical and business leadership to establish, implement, and maintain adequate network perimeter protection.

Oversee the continuous monitoring of cybersecurity activities, including penetration testing and vulnerability management.

Implements and maintains security controls to be aligned with CIS and NIST Cyber Security Framework.

Supports and optimizes IAM Architecture with implementation of IAM projects.

Ensure that applications are developed and deployed to align with privacy principles, especially those around minimal use, disclosure, and retention.

Provide thought leadership, technical guidance on systems management and operations, along with best practices. Assist in the identification, evaluation, and implementation of security tools, techniques, and mechanisms to meet business needs.

Review project deliverables as they impact security architecture and work with the Project Management Office (PMO) to ensure mechanisms are in place for compliance with all technical security policies and processes as part of project delivery.

Enforces department policies and procedures, the gaming compact, tribal gaming agency and laws of the tribal community and federal government as well as requirements surrounding HIPAA, PCI-DSS and 3^rd party compliance requirements.

Implements training programs for applications as well as onboarding oversight for all employees who will have access to data and business applications.

Promotes information security awareness across all enterprise locations.

Education and/or Experience

Bachelor's degree (BA/BS) in Computer Science or related field or equivalent technical certifications and education.

2 or more years of required experience managing an IT Security team and holding team members accountable for job performance.

2+ years of required experience demonstrating the ability to create, update, and manage security related policies and procedures.

1 or more years of required experience negotiating technical support contracts with vendors and managing the activities of third-party System Integrator contractors/consultants

Substantial proven information security technical lead experience (3 or more years) in a major implementation in a medium or larger business setting.

Working knowledge of PCI-DSS and HIPAA regulations is required.

Ability to manage multiple projects, activities, and tasks simultaneously is required.

Preferred job experience includes:

Direct work experience in project management capacity, including all aspects of process development and execution.

Demonstrated working knowledge of managing the network infrastructure, communications devices, protocols, server, and endpoint technologies.

Demonstrated ability in driving security awareness programs from top to bottom.

Facilitation of change management boards meetings.

Understanding of Identity and Access Management technologies (SSO, SAML, Federation, etc.).

Demonstrated ability with perimeter security, including hands-on experience with SIEM, Firewalls, IDS/IPS.

Experience with leading information security frameworks such as NIST 800-53, NIST CSF, and ISO27001/2.

Certificates, Licenses, Registrations

The candidate should have deep experience with Cisco, Microsoft, Oracle, and others technologies. They need to continually improve their knowledge in the information security space and hold active professional certifications, such as CISSP, CISM, and CGEIT.

While industry-specific knowledge in Gaming, Accounting, Operations, and Marketing is a plus, it will not preclude a review and possible insertion into the position.  Critical to the role, the individual must be able to work flexible hours, including hours beyond the normal schedule when necessary, and recognize that occasional travel may be required as needed.

Language Skills

Must be able to read, write, speak, and understand English.

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.

While performing the duties of this Job, the employee is regularly required to stand for prolonged periods of time; walk; use hands and fingers to handle or feel; reach with hands and arms; climb or balance; stoop, kneel, crouch, or crawl; and talk or hear. The employee must regularly lift and /or move up to 25 pounds.  Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. While performing the duties of this Job, the employee is regularly exposed to secondary smoke.  The noise level in the work environment is usually moderate to loud.