Analyst – InfoSec GRC

Job Description

The Analyst – InfoSec GRC (Governance, Risk, and Compliance) is the primary resource supporting the objectives of the GRC team for Wynn Resorts North America.

This role performs control testing procedures as part of the InfoSec GRC team of analysts, organizes supporting documentation including architecture diagrams, data flow diagrams, vendor documentation, etc. to demonstrate effectiveness to internal and external auditors.

This role will be key in supporting the GRC program, reporting to the Supervisor – IT GRC, and the Manager – IT GRC, with general direction from the VP of Information Security and CISO and Executive Director of Information Security Engineering.

The GRC team supports one of the five pillars of Information Security under the Chief Information Security Officer; the others are Architecture & Engineering, Incident Response, Identity & Access Management, and Data Security.

Job Responsibilities

• Ensuring and monitoring compliance with industry and government rules and regulations at all levels to support effective and auditable compliance to applicable industry standard and regulations (SOX, PCI, MICS, NIST, HIPAA, etc.)
• Review and continuously improve written compliance audit and due diligence procedures for execution by various technical and non-technical staff, including other GRC analysts, internal auditors, and IT staff.
• Understand and enforce all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, NIST, and jurisdictional specific Minimum Internal Control Standards (MICS).
• Support tasks and compliance monitoring of all systems where GRC is the business stakeholder, including tools used for audit automation, asset management, application inventory, change management, and vulnerability management.
• Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
• Share information with managers to avoid surprises, draw attention to problems, and guarantee delivery on time.
• Identify, evaluate, recommend, and implement technical improvements to mitigate control failures and gaps for stakeholders.
• Conducts periodic reviews of audits to optimize audit procedures and technical artifacts. Support SOC 2 and global compliance audits.
• Collaborate with peers and management in various teams to ensure enterprise technical compliance requirements are effectively operationalized. This includes assisting departments in responding to inquiries from the business departments about ongoing operational compliance.
• Maintain and monitor a central repository for audit evidence.
• Remain knowledgeable on current best practices and technological advancements and act as a technical resource for security assessment and regulatory compliance.
• Participation in all training for IT GRC across IT and various business units.
• Other duties as assigned.

Qualifications

• Bachelor of Science degree in computer science or similar discipline and/or a minimum of two (2) years of equivalent work experience.
• A minimum of two (2) Years of applied work experience in audits, assessments, risk, remediation, cyber security programs, or cyber security compliance management.

Requirements

• Strong consideration given for compliance related certification or trainings, specifically with one or more of the following certifications or training: CISA, PCI-ISA, Splunk Searching and Reporting
• Working knowledge of Information technology systems at the application, data, operating system, virtualization, storage, and networking layers is a plus. Willingness to obtain this knowledge is a must
• Troubleshooting and operating a computer and various software packages. Knowledge of GRC tool techniques is a plus
• Comprehend technical language and to confer, analyze and write in an objective, lucid manner
• Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
• Defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions
• General ability to pull data from database tables, database views, application sources, and other data stores for compliance reporting
• Familiarity with state, local, federal, and gaming laws & regulations, as well as risk assessment and management methodology
• Using judgment and ingenuity in maintaining objectives and technical standards
• Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process
• Effectively translate industry regulations, standards, and internal controls to all audience types, including non-technical stakeholders and highly technical IT engineers and architects
• Excellent ability to collaborate with other teams with alternative or conflicting areas of focus
• Poise and ability to act calmly and competently in high-pressure, high-stress situations
• Work independently and prioritize multiple tasks and adapt to needed changes
• Must be a critical thinker with strong problem-solving skills
• Remain calm under high pressure/difficult situations
• Maintaining confidentiality
• Visa Sponsorship is not available for this position

Additional Information

Wynn Resorts is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Wynn Resorts does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.