Reporting to the Senior Manager, Operations and Telecommunications, the IT Compliance Analyst will be a team player and a self-motivated individual who will play an important role in ensuring compliance programs and IT Security Policy deliverables are met. This position will work closely with various business partners as a subject matter expert to facilitate the completion of risk assessments and targeted compliance risk assessments. Utilizing excellent written and verbal communication skills, the incumbent will be responsible for the effective and timely communication of issue statuses to stakeholders as well as articulating any deficiencies to key management personnel. This position is also responsible for support remediation activities through tracking and verification.
Essential Duties & Responsibilities
- Analyze and interpret audit findings and reports to provide consultation and expert advice to management on how to formally respond and remediate issues discovered.
- Decide on severity, categorization, and ownership of audit issues.
- Escalate to management as necessary if appropriate responses to audit issues are not received.
- Negotiate acceptable time frames to comply with audit findings by interfacing with auditors, IT management and business personnel.
- Work with various business partners to facilitate the completion of risk assessments and targeted compliance risk assessments.
- Assist risk owners with the identification of key risks and mitigating controls in their business, as well as action plans to address any gaps in the mitigating measures identified.
- Examine policies, procedures, and practices to ensure compliance with laws and regulations and implement any needed changes into the action plans.
- Maintain an organized and accurate system of records designed to keep management informed of key performance indicators and deliverable dates.
- Assist IT management in maintaining data classifications.
- Manages/hosts/coordinates all internal and external audits for the IT department.
- Acts as primary liaison to the Gaming Control Board to ensure timely communication of updates in either direction.
- System implementation control design – security, change management, automated controls, operational controls, disaster recovery, backups, etc.
- Maintain a current knowledge of applicable Gaming regulations, business operations, and internal Compliance policy and procedures.
- Provides IT Security with control guidance and recommendations.
- Provide services to IT personnel in the development of policy and process and in the fulfillment of performing and reporting on these processes.
- Manage and disseminate the IT Key Controls.
- Assist IT technical groups with compliance impact analysis when changes to systems are made.
- Reviews proposed IT contracts to ensure appropriate Tribal guidelines, rules, and regulations are met and adhered to in accordance with Tribal policies / regulations.
- Ensures current contracts are fulfilled within time frames and upload into the contract system for Legal review.
- Manage the creation and maintenance of the Segregation of Duties database.
- Oversee the quarterly review process and all access changes that need to take effect.
- Administration of the access control system.
- Perform other duties as assigned to support the efficient operation of the department.
- BS/BA or equivalent experience in an Information Technology or related Technical area, such as Computer Sciences and/or Engineering.
- Five (5) years of experience in the gaming or other highly regulated industry, 5-8 years of direct experience in documentation development and management activities.
- Equivalent combination of education and progressive, relevant and direct experience may be considered in lieu of minimum educational/experience requirements indicated above.
- Working knowledge of IT PMO and ITIL frameworks is highly desirable.
- Strong organizational and technical writing skills required.
- Detail oriented, but focused on efficiency and workable solutions.
- Strong Project Management and organizational skills.
- Strong verbal and written communication skills.
- Ability to work independently with only high level guidance and supervision.
- Experience in IT System design, deployment and validation/qualification is a plus.
- Experience working in a regulated gaming environment with high emphasis on Validation/Qualification & Compliance of systems and processes is a plus.
- Working knowledge of utilizing a risk-based approach to documentation and/or experience with Quality Risk Management is strongly preferred.
- At the discretion of the San Manuel Tribal Gaming Commission you may be required to obtain and maintain a gaming license.
San Manuel Band of Mission Indians and San Manuel Casino will make reasonable accommodations in compliance with the Americans with Disabilities Act of 1990.