The Enterprise IT Risk and Compliance Manager is responsible for establishing and maintaining Boyd Gaming's overall IT risk management program, which is designed to ensure that the company's IT systems and information assets are adequately protected. The individual in this position is responsible for identifying, evaluating and reporting on information security risks in a manner that meets Boyd Gaming's regulatory and other compliance requirements. The Enterprise IT Risk and Compliance Manager will also direct the development and implementation of policies, procedures and controls to ensure that the organization's practices remain compliant with all pertinent local, state/province/county and federal laws and industry standards.
Specific to IT Compliance, the role is to assess and oversee all technology-related compliance issues across the organization including information security, privacy, business continuity, identity management, user access and data integrity. This includes providing objective risk assessments of the company's compliance with regulatory, organizational and commercial requirements governing the organization's information technology systems.
- Oversee the development, creation and execution of an enterprise cyber risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels (in collaboration with the Director of Information Security); conduct security risk and capability evaluations in support of M&A activity
- Oversee the execution of the enterprise IT compliance strategy and operations in collaboration with the Director of Information Security, Regulatory Compliance, and Internal Audit
- Partner to identify regulatory, legislative, and industry specific compliance requirements and define controls that can be used to meet those requirements
- Ensure the execution and management of third-party risk assessments
- Oversee the establishment and administration of an enterprise-wide cyber security policy framework, and develop a set of enterprise policies and minimum standards in line with business objectives, laws, and regulations; oversee the exception management process for cyber security policies, tools, and architecture
- Provide input to define KPIs & KRIs to measure enterprise-wide security effectiveness and support program governance
- Partner with other business division security groups to set continuous improvement priorities and monitor progress
- Responsible for management of an enterprise-wide cyber security awareness training program to drive desired security behaviors across the Boyd Gaming employee population, and create or acquire core program content
- Oversee the identification, management and protection of personal data in accordance with its value and risk, retained pursuant to applicable legal and regulatory requirements
- Additional responsibilities and duties as required
Bachelor's Degree or advanced degree in IT/Computer Science/Engineering or equivalent experience.
10+ years of progressive experience in planning, organizing, and developing cyber and information security capabilities in large organizations, preferably in the Gaming and Hospitality Industry.
- Understand current and emerging cyber security risks, and innovative risk management methods
- Ability to interpret and apply security policy, standards, and controls definitions across a large, complex business
- Ability to design an effective security awareness program, and to partner across business areas and functions to ensure execution
- Experience with security operational metrics and dashboards, and managing performance effectiveness and improvement
- Knowledge of federal, state, and local cyber and information security regulation and legislation
- High level of interpersonal skills to interact with leaders at multiple levels and facilitate team interactions
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels
- Strategic leader and builder of both vision and bridges, and able to energize the appropriate teams in the organization
- Sound knowledge of business management and a working knowledge of information security risk management and cybersecurity technologies
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- Must be a critical thinker, with strong problem-solving skills
- Knowledge and understanding of relevant legal and regulatory requirements, such as the Sarbanes-Oxley Act (SOX), the Payment Card Industry Data Security Standard (PCI DSS), jurisdictional gaming requirements and the Health Insurance Portability and Accountability Act (HIPAA)
- Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
- Project management skills: financial/budget management, scheduling and resource management
- Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL and COBIT, as well as those from NIST, including SP 800-53 and the Cybersecurity Framework
- Experience with contract and vendor negotiations
- Excellent stakeholder management skills
- High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity
- High degree of initiative, dependability and ability to work with little supervision while being resilient to change
- Additional background investigations or probes may be conducted as part of hiring process