Drives the on-going development of Seneca Gaming Corporation (SGC)’s enterprise information security architecture, information security policy implementation and enforcement, and is responsible for ensuring the confidentiality, integrity and availability of the company’s information assets within a blended information security framework based on published guidance from CIS, NIST, PCI DSS, ISACA (CoBIT) and a pragmatic/risk-based approach. Drives the improvement of the security posture for all endpoints. Drives the maintenance, monitoring, and support associated with enterprise information security controls pertinent to endpoints and infrastructure.
Drives the maintenance, monitoring, and support associated with enterprise information security toolsets. Consults with Information Security & Assurance (ISA) and Information Technology (IT) management/teams to verify that appropriate security controls are in place, identify gaps, and facilitate remediation. Assists with guidance, coordination, and support for SGC business units during applicable audits. Acts as primary information security resource on business-driven project teams, information security liaison for enterprise architecture initiatives, and mentor for other information security resources. Relies on pre-established policies and procedures to perform the functions of the job. All duties are to be performed within the guidelines of the Seneca Gaming Corporation’s policies and procedures, Internal Control Standards, and objectives.
Must be 18 years of age or older upon employment.
Bachelor’s Degree in an Information Technology related field.
Minimum of five (5) years of work experience in a related Information Technology role is required.
Experience in a dedicated information security role for a minimum of three (3) years is preferred.
Experience with IT audit processes (e.g. ITGC, PCI) preferred.
Some technical certification (CISSP, MCSE, CCSP, CCNP, CCSP, GIAC, CEH) preferred.
An equivalent combination of education and/or experience may be substituted for the above requirements.
Excellent understanding of networking principles including TCP/IP, WANs, LANs, and commonly used protocols/standards such as DHCP, DNS, (E)SMTP, HTTP(S), FTP, RADIUS, IPSec, TLS/SSL, PKI, Telnet, SNMP, POP, LDAP, SSH, NetFlow, 802.11, 802.1x, etc.
Experience with IBMi (aka, AS/400, iSeries, System i) environment, commands, and utilities preferred.
Familiarity with penetration testing tools, security assessment methodology, and remediation requirements.
Familiarity with web architecture and technologies.
Capacity to evolve into finding, exploiting, and mitigating web application vulnerabilities.
Experience in IPS/IDS administration.
Experience in RADIUS/TACACS.
Experience in VPN configuration and administration.
Experience with syslog management solutions.
Experience with information security tools and utilities.
Experience with Microsoft Windows environment, commands and utilities required.
Experience with network security practices to include cloud considerations.
Experience with email applications required, Microsoft Outlook experience preferred.
Must be able to demonstrate proficiency in Microsoft Windows and Microsoft Office.
Previous experience working in a casino is desired but not a requirement.
Must be able to learn all production applications/systems well enough to understand the security requirements of each position.