Sr. Information Security Analyst-PCI

Company Name:
Sr. Information Security Analyst-PCI

Work to assure that Our Client's systems and Information Technology (IT) adheres to regulatory requirements for Sarbanes-Oxley (SOX), Payment Card Industry (PCI) and/or
Gaming Control Board (NGCB) and other gaming regulations. This includes assisting with all IT areas to remediate any audit issues, focusing on ensuring regulatory requirements are met, including but not limited to, licensing, technical standards, internal controls, minimum standards, employee licensing and responsible gambling standards.


o Facilitates audit processing to ensure completion of audits for Sarbanes-Oxley (SOX), Payment Card Industry (PCI), Nevada Gaming Control Board (NGCB) and other audits as required
o Drives remediation and collects documentation related MICS, SOX and PCI audit requirements
o Works directly with auditors and IT control owners to assure audits are completed on time
o Promotes compliance awareness and provides reporting on progress
o Promotes technology "best practice" compliance standards
o Collaborates with third party vendors, where appropriate
o Generates and provides regular compliance reports and scorecards
o Completes the Technology Compliance Risk Assessment process for applications and systems
o Experienced in the use of Compliance tools
o Ability to facilitate meetings and drive agendas

o Plans, prepares, tests, submits and tracks technical and control submissions to the appropriate regulators
o Accurately records and reports on the status of submissions and approvals
o Provides timely and accurate submissions to regulators in all jurisdictions concerned. In addition, ensures that submissions are complete in both content and detail to meet regulators' expectations.
o Works with the Nevada Gaming Control Board auditors to provide information for properties with regard to IT devices and processes
o Reviews all technical and controls submission packages to the specifications of each jurisdiction according to internal company procedures
o Ensures that urgent or special changes are expedited, coordinated and that the regulator is informed in accordance with requirements or internal controls
o Provides advice and assistance to individual properties in the development of documented internal controls pertaining to Information Technology
o Controls regulatory submission documentation

Sarbanes-Oxley Section 404:
o Facilitates annual testing with internal and external auditors
o Leads and assists teams with their SOX remediation efforts
o Manages audit reviews throughout the year to ensure best practices are integrated into all environments
o Works with auditors to gather information for risk assessments

Payment Card Industry (PCI):
o Understands IT controls related to PCI requirements
o Assists with the remediation of items from annual QSA reviews

This job description in no way states or implies that these are the only duties to be performed by the employee in this position. It is not intended to give all details or a step-by-step account of the way each procedure or task is performed. The incumbent is expected to perform other duties necessary for the effective operation of the department. All duties are to be performed in accordance with Our Client's departmental policies, practices and procedures.

This position has no direct/official supervisory responsibilities.

o Four-year degree, plus 4 years experience in Information Technology Compliance required
o Three years of experience in an IT Compliance or Security Risk Management position
o A minimum of 1 year of project management experience is highly desired
o Experience or exposure in working with auditors preferred
o Must exhibit knowledge of a hospitality/gaming environment and how the business is affected by regulatory requirements
o Must be knowledgeable and capable of working in a 24x7 environment

o CISSP and/or CISA preferred
o The applicant must be eligible for gaming license, which requires the applicant does not have a criminal background among other things
o Proof of eligibility to work in the United States


o Must be able to work independently with minimal supervision
o Must exhibit a sincere interest and passion to become a compliance advocate for Information Technology
o Highly ethical and discreet with ability to maintain confidentiality
o Excellent interpersonal telephone skills and the ability to empathize with customer's needs, while enforcing company policies
o Provides 24x7 on-call support, as required
o Must be highly organized and possess excellent written and verbal communication skills
o Display motivational attributes (self and others)
o Focused towards excellent customer service

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.