Cybersecurity Analyst - Randstad USA
Boston, MA 02109
About the Job
The role requires strategic vision and the ability to influence change and communicate a coherent understanding of how to efficiently and effectively oversee the security and data protection practices of the organization's licensees. This position must develop a staffing plan to review third-party security audits of the organization's licensees and ensure that licensees address and document risk areas identified in audit reports. Critical aspects of the work involve providing expert advice and guidance on the capabilities and limitations of IT security oversight for the organization's licensees, and providing expertise and leadership in ensuring the organization's licensees understand the regulatory requirements relating to security, privacy, and compliance responsibilities. All duties are to be performed in accordance with the organization's policies, practices, and procedures.
Required Education and Experience:
Bachelor's degree in Computer and Information Science or related degree
5 years of progressive information security experience across various information security/information technology risk management domains such as, but not limited to, application security, infrastructure security, identity and access management, vulnerability and cyber threat management, security architecture, etc.
Duties and responsibilities include, but are not limited to, the following:
- Plan, organize, and direct the analysis, design, development, implementation, and operation of information security and data protection requirements for the organization's licensees.
- Consult with senior staff, operational experts, industry technical compliance, information security staff, and third-party security experts to determine information systems risk control requirements and the operational and oversight controls needed to verify compliance with the requirements.
- Provide guidance and assistance to staff on resource capabilities relative to the risk control framework for information security and data protection practices of the organization's licensees.
- Research operational requirements related to information and data security risk control measures used in the gaming industry and develop performance metrics to evaluate the effectiveness of the organization's similar requirements for its licensees.
- Develop and oversee internal and external information security awareness training and educational activities relating to the organization's oversight of the gaming industry.
- Review and recommend amendments to statutes and administrative rules that pertain to gaming industry information and data protection security.
- Develop a plan for information security and data protection initiatives and create cost estimates, work plans, and timelines for the organization's oversight and industry compliance education efforts.
- Research new technologies to enhance information security and data protection risk control programs.
- Monitor overall operational efficiency and initiate projects to improve performance.
- Create minimum standards for information security professionals used by the organization's licensees and create a certification program for such professional service providers.
- Develop metrics to evaluate services provided by certified professional service providers of network security auditors and otherwise develop oversight procedures for third-party risk control professionals involved in performing compliance work related to the organization's information security and data protection requirements.
- Provide consultative guidance and direction to leadership on the utilization and capabilities of the organization's information security and data protection oversight activities.
- Maintain awareness of potential cyber-attack technologies, methods, and signatures.
- Direct the training of subordinate staff to ensure they are kept up to date with changes in information security and data protection. Prepare progress reports to inform management of project developments and deviations from objectives; consult with specialist or technical personnel to solve complex problems.
- Possess a working knowledge of all of the organization's regulations, policies, and procedures.
- Ensure that the objectives under the Information Security Department align with applicable laws, regulat