The Director of Information Security is a strategic thought leader responsible for the design, delivery, and operations of Cache Creek Casino Resort’s Information Security domain. This includes the following functions: Strategy, Security Operations Center (SOC), Cyber Forensic Investigations (CFI), Identity & Access Management, Risk Management, Vulnerability Management, Patch Management, and Endpoint Management. The successful candidate will provide technical leadership, develop and mentor a team of IT professionals ensuring that all systems and data are secured in alignment with the company’s risk tolerance level.
Essential Duties and Responsibilities include the following. Other duties may be assigned.
Define and implement the strategy and roadmap for the Information Security domain.
Communicate and ensure the alignment of the Information Security strategy with organizational leadership.
Determine current state Information Security program maturity and define its target state.
Lead security assessment and testing processes, including but not limited to: penetration testing, vulnerability management, and secure software development.
Proactively identify security issues and potential threats, and continuously build processes and design systems that watch for and protect against them.
Define and regularly practice company-wide Incident Response (IR) tabletop exercises.
Establish and maintain a company-wide training curriculum for Information Security.
Promote Information Security awareness across the company and with the external security community.
Provide 24/7/365 support for all things Information Security; address all reported issues within defined SLAs.
Deliver all service requests within defined SLAs, and participate in the delivery of capital projects.
Ensure all systems are designed and operated in alignment with Information Security best practices.
Define and operationalize departmental policies, standards, SOPs and runbooks.
Define, track, and report on departmental metrics.
Interface with internal and external auditors.
Ensure all audit findings are remediated within agreed-upon timelines.
Manage large vendor relationships.
Interface, collaborate and foster strong relationships with business stakeholders.
Effectively communicate with members of the Executive team.
Plan, track, and adhere to departmental budget.
Hire, develop, and retain top talent to accomplish the team’s mission.
Recognize and reward top performers and address poor performance in the moment.
Directly supervises subordinate supervisors and employees within the Information Technology department. Carries out supervisory responsibilities in accordance with the organization's policies, procedures and applicable laws to include training employees, assigning and directing work, evaluating performance, and addressing complaints and disciplinary problems.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily with or without reasonable accommodations. The requirements listed below are representative of the knowledge, skill and/or ability required.
Education and/or Experience
Ten years of professional experience in Information Security; Bachelor’s degree in Cybersecurity, Security Engineering, Computer Science, or related technical field; or equivalent combination of education and experience. Must have 5 years of professional experience leading Information Security teams, and demonstrated experience leading Information Security frameworks such as NIST 800-53, NIST CSF, or ISO27001/2.
Ability to read, analyze, and interpret common scientific and technical journals and legal documents. Ability to respond to common inquiries or complaints from customers, regulatory agencies, or members of the business community. Ability to effectively present information to top management, public groups, and/or boards of directors.
Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percent and to draw and interpret bar graphs.
Ability to define problems, collect data, establish facts, and draw valid conclusions. Ability to interpret a variety of instructions furnished in written, oral, diagram, mathematical or schedule form.
Must be at least 21 years of age.
Certificates, Licenses, Registrations
Cache Creek Casino Resort Tribal Gaming License
One or more of the following Information Security certifications preferred: CISSP, CCISO, ISACA - CISM, CompTIA Security+, CEH, CPP, CISA
ITIL Foundations certification preferred
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job with or without reasonable accommodations.
While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required to walk and sit. The employee is occasionally required to stand; use hands to finger, handle, or feel; and stoop, kneel, crouch or crawl. The employee may occasionally be required to lift and/or move up to 25 pounds.
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job with or without reasonable accommodations.
While performing the duties of the job, the employee is occasionally exposed to secondhand tobacco smoke. The noise level in the work environment is usually moderate.