IT/Information Security Auditor
Responsible for coordinating reviews and audits related to IT operations of the SMSC Gaming Enterprise to maintain regulatory compliance and the safeguarding of information assets. Serves as a member of the Information Security Workgroup responsible for the annual review of the Security Policy for necessary updates as technologies and best practices change; and on-going management development, implementation and maintenance of the Security Policy. Responsible for reviewing proposed IT projects and initiatives, and ensuring controls are established consistent with regulatory and operational requirements. Performs risk assessments to identify, qualify, and prioritize risks to safeguard IT related assets, including management of risk mitigation plans. Maintains and develops IT Security Training and Awareness Programs. Reviews IT standards and procedures and provides input on adequacy, accuracy, and compliance. Analyzes validity of promotional system databases to ensure promotions are functioning within established guidelines. Reviews information security breaches. Assists management in evaluating IT related issues, including systems, proposed technologies, and the use, handling, storage and dissemination of information assets. Maintains strict confidentiality of gathered information while working with all levels of management and team members, and ensures appropriate oversight concerning all audit and related Information Security Policy issues.
- Bachelor’s degree in Business, Information Technology, Accounting, Finance or other related field.
- Five years of IT experience; including experience in Information Security.
- Knowledge of and experience with risk assessments, database security/privacy, assessing database vulnerabilities, auditing/monitoring database activity and/or familiarity with workflow processes.
- Demonstrated business writing skills, proficiency in word processing, database and spreadsheet software.
- Experience in providing training and preparing materials related to maintaining operational compliance and updating/evaluating job related duties and responsibilities.
- Documented continued training/education in IT best practices, current technologies and trends.
Background in Casino gaming systems and applications.
- Establishes audit objectives and develops audit plans in accordance with established regulatory standards (MICS, Information Security Policy, gaming regulations and departmental procedures) in conjunction with the review of information technology, data, systems, and special project audits to assess and evaluate compliance. Responsible for the conduct of audits, including document testing, observations, preparation of work papers, notes, correspondence and cross-referencing that support findings and recommendations related to the assigned audits; including follow-up reviews to noted corrective actions.
- In conjunction with the Information Security Policy, contributes to the development of control standards, and ensures such standards meet established policy requirements; for new IT projects, reviews and recommends that appropriate security control standards are implemented; develops impact classification and escalation procedures for incident management, and ensures incidents are investigated and resolved.
- Perform risk assessments to identify, qualify, and prioritize risks against established criteria for risk acceptance and objectives to safeguard IT assets; including the management of risk mitigation plans.
- Maintains, develops, and implements Security Training and Awareness Programs and accompanying materials.
- Manages Information Security Policy exceptions, determines necessary exceptions and risk. Develops mitigation protocols for noted exceptions.
- Independently ensure procedures and guidelines support the Information Security Policy, current technologies, trends, and industry best practices. As a member of the Security Workgroup, review, recommend, and initiate updates to the Information Security Policy.
- Reviews information generated from promotional systems to ensure the promotion and operational parameters are functioning consistent with established guidelines.
- Performs audit reviews related to IT operations and systems that are included in sections of gaming related audits conducted by Internal Audit. Prepares work papers, notes, correspondence and cross referencing that support findings and recommendations related to the assigned portions of such audits; including follow-up reviews to noted corrective actions.