Supervisor - IT Governance, Risk & Compliance
Job Description
The Supervisor – IT GRC (Governance, Risk, and Compliance) coordinates and performs IT security assessment functions and control testing, reporting, and related activities in accordance with internal controls compliance, regulatory and departmental policy, and procedures. This role updates and maintains control matrices and spreadsheets and provides recommendations for management's consideration. It works with internal audit, external audit firms, and regulatory agencies to provide supporting documentation as applicable. The Information Security Supervisor takes a lead role in ensuring the security of all protected information collected, used, maintained, or released by Wynn Resorts North America. Under the general direction of the VP of Information Security and CISO, whose organization includes the Executive Director of Information Security Engineering, the Security Risk and Compliance Supervisor receives assignments in the form of objectives with goals and the process by which to meet those goals. Reporting to the Manager – IT GRC, this role will be key in growing the existing compliance team into the newly restructured GRC program. The GRC team supports one of the four pillars of Information Security under the Chief Information Security Officer; the others are Architecture & Engineering, Incident Response, and Identity & Access Management.
Job Responsibilities
- Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances business objectives.
- Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
- Conducts reviews of audits performed by Compliance Analysts.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Understands and enforces all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, NIST, and jurisdiction-specific Minimum Internal Control Standards (MICS).
- Develops reporting metrics, dashboards, calendars, and evidence artifacts. Implements processes, such as GRC (governance, risk, and compliance) tooling, to automate and regularly monitor information security controls, exceptions, risks, and testing.
- Act as the liaison for regulatory third-party assessors including relevant Gaming Control Boards and PCI-DSS assessors.
- Collaborate with peers and leaders across the organization to ensure enterprise compliance requirements are maintained, enforced, and operationalized. Define and govern application ownership and assignment of application-specific responsibilities through written guidelines such as a RACI matrix.
- Improve and maintain a comprehensive policy library, tying IT procedures, guidelines, and standards to approved company policy. Manage and socialize documentation of standard operating procedures for IT.
- Improve and maintain the application inventory system as the source of record for approved business applications. Redefine the asset classification structure.
- Manage the technical risk registry and related compensating controls under guidance from Information Security leadership.
- Manage and maintain corporate compliance for the patch management process through assessment and reporting of system vulnerabilities. Track operational remediation efforts against defined Service Level Agreements (SLAs).
- Lead and optimize the weekly Production Change Request (PCR) process to improve quality and accountability of system changes.
- Lead both manual and automation efforts to ensure that systems used by both employees and vendors adhere to a least-privilege, role-based access model.
- Remain current on best practices and technological advancements and act as a technical resource for security assessment and regulatory compliance.
- Oversee all training for IT GRC across IT and various business units.
- Where necessary, supervise recruitment, development, retention, and organization of system staff in accordance with corporate budgetary objectives and personnel policies.
- Develop metrics for the department and opportunities for improvement.
- Other duties as assigned.
Qualifications
- College diploma or university degree in computer science or a related discipline and/or 4 years of equivalent work experience. Four years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
- Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
- Working knowledge of information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
- Information systems auditing, monitoring, controlling, and assessment process.
- Incident response management.
- Risk assessment and management methodology.
- Researching and locating information related to internal and external organizations using online and other sources.
- Security project management and planning.
- Maintaining confidentiality.
- Troubleshooting and operating a computer and various software packages.
- Defining problems, collecting and analyzing data, establishing facts, and drawing valid conclusions.
- Using judgment and ingenuity in maintaining objectives and technical standards.
- Effectively communicate technical issues to diverse audiences, both in writing and verbally.
- Ability to apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.
- Interact positively with staff, the Board, the public, and regulatory agencies to enhance effectiveness and to promote quality service.
- Comprehend technical language and confer, analyze, and write in an objective, lucid manner.
- Work independently and prioritize multiple tasks and adapt to needed changes.
- Remain calm under high pressure/difficult situations.
- General ability to pull data from database tables, database views, application sources, and other data stores for the purpose of compliance reporting.
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Must be a critical thinker with strong problem-solving skills.
- Familiarity with state, local, federal, and gaming laws & regulations.
- Strong consideration given for compliance-related certifications or training, specifically one or more of the following: CISA, CISSP, CISM, CRISC, PCI-ISA, GSEC, Splunk Searching and Reporting.
Additional Information
Wynn Resorts is an equal opportunity employer committed to hiring a diverse workforce and sustaining an inclusive culture. Wynn Resorts does not discriminate on the basis of disability, veteran status or any other basis protected under federal, state or local laws.