Cache Creek Casino Resort Job - 49227801 | CareerArc
Company: Cache Creek Casino Resort
Location: Sacramento, CA
Career Level: Associate
Industries: Hospitality, Travel, Leisure

Description

 

 

 

Being a part of the Cache Creek team comes with amazing benefits:

  • Great Pay
  • Opportunities to Grow
  • Gas Discounts
  • Dental Insurance
  • Life Insurance
  • Paid Time Off (PTO)
  • Recognition Program
  • Free meals in our Employee Dining Room 
  • Weekly Paychecks
  • Affordable Healthcare
  • Medical Insurance
  • Vision Care Insurance
  • 401k Savings Plan
  • Tuition Reimbursement
  • Employee Discounts
  • Direct Deposit

 

Summary

The Information Security GRC Analyst plays a vital role in keeping the company's proprietary and sensitive information secure. They work across departments to assess the risks associated with the people, processes and technology in the company. The GRC Analyst will also work to mature the GRC program and ensure that control objectives are aligned to regulatory requirements and best-practice frameworks and are effectively monitored, and that inherent risk is prioritized correctly and made visible to leadership. The GRC Analyst is instrumental in reducing technology risk and driving remediation efforts for the company.

 

Essential Duties and Responsibilities include the following. Other duties may be assigned.

 

Governance

  • Creating, maintaining, communicating, and enforcing information security standards.
  • Ensure periodic reviews of standards, policies and procedures created are performed.
  • Maintain document version control on standards, policies, and procedures.
  • Gather feedback for continuous improvement on established employee and technology policies from IT and business partners.
  • Run third party risk assessment reviews with vendors and articulate clarified responses in order to prepare the appropriate documentation.
  • Coordinate architecture reviews to be included as part of third-party risk assessments.
  • Prepare and run the Change Advisory Board meetings as required to keep close to IT implementation risks.

Risk  

  • Advises leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.
  • Creates third party risk assessment artifacts that include an executive summary, risk results and recommendations.
  • Recommends controls to mitigate or reduce inherent risk identified during assessments.
  • Deliver final results of the risk assessments to business stakeholders, project sponsors, program managers, and other internal parties.
  • Communicates risk findings and recommendations that are clear and actionable to all stakeholders.
  • Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.  
  • Maintains a register of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.
  • Assists with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps.  
  • Identifies, analyzes, evaluates, and documents information security risks and controls based on established risk criteria.  
  • Schedule and coordinate periodic penetration tests, and facilitate security tabletops and security simulations.

Compliance

  • Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring the company meets both the requirements and intent of its regulatory and compliance obligations.
  • Facilitates the remediation of control gaps and escalates critical issues to leadership.  
  • Conducts an exception review and approval process, and assures exceptions are documented and periodically reviewed.
  • Prepares for and facilitates examinations by qualified security assessors for regulations such as NIGC MICS and PCI-DSS.
  • Works closely with control owners and internal and external auditors to ensure requests are completed in a timely manner.
  • Design evidence artifacts that work across multiple controls.
  • Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.
  • Take a best practice approach to information security to balance secure operations with innovation. 

Security Awareness 

  • Supports workforce security activities including culture, awareness, and training.
  • Coordinate the delivery of security awareness content for connected and non-connected workers.
  • Conduct phishing simulations and report on the effectiveness of security awareness.
  • Provide spot training based on results of phishing simulations to employees as required.
  • All other duties as assigned.

Supervisory Responsibilities

This job has no supervisory responsibilities.

 

Qualifications

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed below are representative of the knowledge, skill and/or ability required.

 

Education and/or Experience

Bachelor's degree in Information Security, Information Technology, Computer Science or other related technology degree. Industry certifications like ISACA CISA, ISACA CISM, (ISC)2 CISSP, CompTIA Security+, CompTIA Network+, PCI-P or ISO-27001 CLA can also satisfy the education requirement.

Intermediate to advanced experience with computers, networks, firewalls, switches, encryption and authentication methods. Proficient, or able to gain proficiency with, a broad array of GRC applications and tools. Three or more years of professional experience in Information Security or Information Technology.

Language Skills

Ability to read, analyze, and interpret common scientific and technical journals, financial reports, and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to write speeches and articles for publication that conform to prescribed style and format. Ability to effectively present information to top management, public groups, and/or boards of directors.

 

Mathematical Skills

Ability to work with mathematical concepts such as probability and statistical inference, and fundamentals of plane and solid geometry and trigonometry.  Ability to apply concepts such as fractions, percentages, ratios, and proportions to practical situations.

 

Reasoning Ability

Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret a variety of instructions furnished in written, oral, diagram, mathematical or schedule form.

 

Age Requirement

Must be at least 21 years of age.

 

Certificates, Licenses, Registrations

Yocha Dehe Tribal Gaming License

 

Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job with or without reasonable accommodations.

 

While performing the duties of this job, the employee is occasionally required to walk, stand, reach with hands and arms; and regularly to use finger, handle or feel, sit, and talk or hear. The employee may occasionally lift and/or move up to 10 pounds.

 

Work Environment

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job with or without reasonable accommodations.

 

While performing the duties of this job, the employee is occasionally exposed to moving mechanical parts and secondhand tobacco smoke. The noise level in the work environment is usually moderate.

