Enable America Jobs

INFORMATION SECURITY & PRIVACY ANALYST

Our client is seeking an Information Security and Privacy Analyst reporting to the Information and Network Security Manager to establish, review and maintain the full range of information technology policy and oversight programs for client in accordance with applicable laws and regulations. This includes, but is not limited to, formulating information technology policies designed to oversee the gaming industry’s responsibilities to identify, assess and remediate Technology, Data, and Cybersecurity Risk relating to licensed gaming activities in Massachusetts. The role requires strategic vision and the ability to influence change and communicate a coherent understanding of how to efficiently and effectively oversee the security and data protection practices of client licensees. This position must develop a staffing plan to review 3rd party security audits of clients licensees and ensure that licensees address and document risk areas identified in audit reports. Critical aspects of the work involve providing expert advice and guidance on the capabilities and limitations of IT security oversight for client licensees. Providing expertise and leadership in ensuring client licensees understand the regulatory requirements relating to security, privacy, and compliance responsibilities. All duties are to be performed in accordance with client policies, practices, and procedures.

Duties and responsibilities include, but are not limited to, the following:

• Plan, organize, and direct the analysis, design, development, implementation, and operation of information security and data protection requirements for licensees.

• Consult with senior staff, operational experts, industry technical compliance, information security staff, and third-party security experts to determine information systems risk control requirements and the operational and oversight controls needed to verify compliance with the requirements.

• Provide guidance and assistance to staff on resource capabilities relative to the risk control framework for information security and data protection practices of licensees.

• Research operational requirements related to information and data security risk control measures used in the gaming industry and develop performance metrics to evaluate the effectiveness of similar requirements for its licensees.

• Establish and maintain communication with peer gaming regulatory staff responsible for information and data security and leverage resources to promote efficiency and more effective oversight of common licensees.

• Develop and oversee internal and external information security awareness training and educational activities relating to oversight of the gaming industry.

• Review and recommend amendments to statutes and administrative rules that pertain to gaming industry information and data protection security.

• Continuously review and update information security and investigations procedures to ensure compliance with all regulated and unregulated standards pertaining to the responsible operation of licensed gaming activities in Massachusetts.

• Develop a plan for information security and data protection initiatives and create cost estimates, work plans, and timelines for oversight and industry compliance education efforts.

• Research new technologies to enhance information security and data protection risk control programs.

• Monitor overall operational efficiency and initiates projects to improve performance.

• Create minimum standards for information security professionals used by licensees and create a certification program for such professional service providers.

• Develop metrics to evaluate services provided by certified professional service providers of network security auditors and otherwise develop oversight procedures for third-party risk control professionals involved in performing compliance work related to information security and data protection requirements.

• Provide consultative guidance and direction to leadership on the utilization and capabilities of the information security and data protection oversight activities.

• Maintain awareness of potential cyber-attack technologies, methods, and signatures.

• Direct the training of subordinate staff to ensure they are kept up to date with changes in information security and data protection. Prepares progress reports to inform management of project developments and deviations from objectives; consults with specialist or technical personnel to solve complex problems.

• Possess a working knowledge of all Regulations, policies, and procedures.

• Ensure that the objectives under the Information Security Department align with applicable laws, regulations, policies, and s code of ethics.

• Other projects assigned by the Chief Information Officer.

Qualifications Required Education and Experience:

• Bachelor’s degree from an accredited college or university in Computer and Information Science, Computer Engineering, Computer Systems Analysis, Information Cybersecurity and five (5) years of progressive information security experience across various information security/information technology risk management domains such as but not limited to application security, infrastructure security, identity, and access management, vulnerability and cyber threat management, security architecture, etc.

• Additional appropriate experience in progressive information security/information technology risk management substitutes for the degree requirement on a year-foryear basis.

• Additional appropriate education in Master’s Degree or Doctorate substitute for the required experience on a year-for-year basis.

Required Skills and Abilities:

• Security certifications, e.g., CISSP, CISA, CISM, CCSP.

• Previous knowledge and experience in designing and architecting information technology and security controls across complex and diverse networks, applications, and infrastructures are strongly preferred.

• Technical aptitude, critical thinking skills, and the ability to think outside the box.

• Demonstrated ability to solve complex information security problems, observe security risks and weaknesses, and provide security recommendations to the respective project and delivery teams.

• Ability to translate technical risk issues to business leaders and upper management. Excellent verbal, written, and interpersonal communication skills.

• Detail-oriented and value teamwork.

• Knowledge of the Massachusetts gaming statutes and regulations.

• Ability to resolve problems as they arise and handle situations expediently.

• Must be able to work a flexible schedule according to business needs, including evenings, weekends, and holidays.

Preferred Skills and Abilities: The following preferred experience(s), competencies, and abilities are highly desirable for this position and will be considered in selecting the successful candidate:

• Applicants with progressive gaming industry information security experience are strongly encouraged to apply.

• Demonstrated experience as a supervisor of a unit with at least two employees.

• In-depth knowledge and experience working with common regulatory framework applications related to data security, including HIPAA, HITRUST, - General Data Protection Regulation (GDPR), National Institute of Standards & Technology (NIST) standards, Payment Card Industry Data Security Standard (PCI), and similar constructs are highly desired.

• Demonstrated experience in the evaluation, selection, and decision-making as it relates to gaming security controls. Salary is commensurate with experience.

If this is a role that interests you and you’d like to learn more, click apply now and a recruiter will be in touch with you to discuss this great opportunity. We look forward to speaking with you!

About ManpowerGroup, Parent Company of: Manpower, Experis, Talent Solutions, and Jefferson Wells

ManpowerGroup® (NYSE: MAN), the leading global workforce solutions company, helps organizations transform in a fast-changing world of work by sourcing, assessing, developing, and managing the talent that enables them to win. We develop innovative solutions for hundreds of thousands of organizations every year, providing them with skilled talent while finding meaningful, sustainable employment for millions of people across a wide range of industries and skills. Our expert family of brands – Manpower, Experis, Talent Solutions, and Jefferson Wells – creates substantial value for candidates and clients across more than 75 countries and territories and has done so for over 70 years. We are recognized consistently for our diversity - as a best place to work for Women, Inclusion, Equality and Disability and in 2022 ManpowerGroup was named one of the World's Most Ethical Companies for the 13th year - all confirming our position as the brand of choice for in-demand talent.

ManpowerGroup is committed to providing equal employment opportunities in a professional, high quality work environment. It is the policy of ManpowerGroup and all of its subsidiaries to recruit, train, promote, transfer, pay and take all employment actions without regard to an employee's race, color, national origin, ancestry, sex, sexual orientation, gender identity, genetic information, religion, age, disability, protected veteran status, or any other basis protected by applicable law.