Analyst – InfoSec GRC
Las Vegas, NV, United States
Wynn Resorts
At Wynn Las Vegas, enjoy a Forbes Five Star luxury hotel and casino, exclusive fine dining, and endless experiences from the top resort on the Las Vegas strip.
Job Description
The Analyst – InfoSec GRC (Governance, Risk, and Compliance) is the primary resource supporting the objectives of the GRC team for Wynn Resorts North America.
This role performs control testing procedures as part of the InfoSec GRC team of analysts and organizes supporting documentation (architecture diagrams, data flow diagrams, vendor documentation, etc.) to demonstrate effectiveness to internal and external auditors.
This role will be key in supporting the GRC program, reporting to the Supervisor – IT GRC, and the Manager – IT GRC, with general direction from the VP of Information Security and CISO and Executive Director of Information Security Engineering.
The GRC team supports one of the five pillars of Information Security under the Chief Information Security Officer; the others are Architecture & Engineering, Incident Response, Identity & Access Management, and Data Security.
Job Responsibilities
- Ensuring and monitoring compliance with industry and government rules and regulations at all levels to support effective and auditable compliance with applicable industry standards and regulations (SOX, PCI, MICS, NIST, HIPAA, etc.).
- Review and continuously improve written compliance audit and due diligence procedures for execution by various technical and non-technical staff, including other GRC analysts, internal auditors, and IT staff.
- Understand and enforce all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, NIST, and jurisdiction-specific Minimum Internal Control Standards (MICS).
- Support tasks and compliance monitoring of all systems where GRC is the business stakeholder, including tools used for audit automation, asset management, application inventory, change management, and vulnerability management.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Share information with managers to avoid surprises, draw attention to problems, and guarantee delivery on time.
- Identify, evaluate, recommend, and implement technical improvements to mitigate control failures and gaps for stakeholders.
- Conducts periodic reviews of audits to optimize audit procedures and technical artifacts. Support SOC 2 and global compliance audits.
- Collaborate with peers and management in various teams to ensure enterprise technical compliance requirements are effectively operationalized. This includes assisting departments in responding to inquiries from the business departments about ongoing operational compliance.
- Maintain and monitor a central repository for audit evidence.
- Remain knowledgeable on current best practices and technological advancements and act as a technical resource for security assessment and regulatory compliance.
- Participation in all training for IT GRC across IT and various business units.
- Other duties as assigned.
Qualifications
- Bachelor of Science degree in computer science or similar discipline and/or a minimum of two (2) years of equivalent work experience.
- A minimum of two (2) years of applied work experience in audits, assessments, risk, remediation, cyber security programs, or cyber security compliance management.
Requirements
- Strong consideration given for compliance-related certifications or training, specifically one or more of the following: CISA, PCI-ISA, Splunk Searching and Reporting
- Working knowledge of information technology systems at the application, data, operating system, virtualization, storage, and networking layers is a plus. Willingness to obtain this knowledge is a must
- Troubleshooting and operating a computer and various software packages. Knowledge of GRC tool techniques is a plus
- Ability to comprehend technical language and to confer, analyze, and write in an objective, lucid manner
- Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
- Defining problems, collecting and analyzing data, establishing facts, and drawing valid conclusions
- General ability to pull data from database tables, database views, application sources, and other data stores for compliance reporting
- Familiarity with state, local, federal, and gaming laws & regulations, as well as risk assessment and management methodology
- Using judgment and ingenuity in maintaining objectives and technical standards
- Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes
- Effectively translate industry regulations, standards, and internal controls to all audience types, including non-technical stakeholders and highly technical IT engineers and architects
- Excellent ability to collaborate with other teams with alternative or conflicting areas of focus
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- Work independently and prioritize multiple tasks and adapt to needed changes
- Must be a critical thinker with strong problem-solving skills
- Remain calm under high pressure/difficult situations
- Maintaining confidentiality
- Visa Sponsorship is not available for this position
Additional Information
Wynn Resorts is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Wynn Resorts does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.
Tags: Audits Automation CISA CISO Compliance Computer Science Governance HIPAA Incident response Monitoring NIST Risk assessment Security assessment SOC SOC 2 SOX Splunk Vulnerability management