Under general supervision of the CIO, the IT Security Analyst performs two core functions for the enterprise. The first is the day-to-day operations of the in-place security solutions while the second is the identification, investigation, and resolution of security breaches detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines, and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its stated policies, procedures, and guidelines and to actively work towards upholding those goals.

This list of duties and responsibilities is illustrative only of the tasks performed by this position and is not all-inclusive.

SUPERVISION RESPONSIBILITIES:

None

MINIMUM QUALIFICATIONS:

• Must be a minimum of 21 years of age.
• College diploma or university degree in Computer Science and/or two years equivalent work experience.
• One or more of the following certifications:
  • CompTIA Security+
  • GIAC Information Security Fundamentals
  • Microsoft Certified Systems Administrator: Security
  • Associate of (ISC)
• Experience working with enterprise IT security tools and reviewing system security logs.
• Required to pass a pre-employment drug screening and obtain and maintain an Osage Nation gaming license.
• Required to maintain a valid Driver’s License.
• Required to provide documents to show the applicant is eligible to work in the United States.
• Osage, Native American, and Veteran preference shall apply to all positions at Osage Casinos.
• Applicants must be able to perform all essential functions of job duties with or without reasonable accommodation.

COMMUNICATION:

• Ensures company information provided by management is effectively communicated to assigned staff and ensures staff concerns, request for information, and ideas for improvement are effectively relayed to management.
• Facilitates the flow of information throughout the area of responsibility by presiding over scheduled meetings with staff and team members as required.
• Stays informed of company information and communications by reviewing all e-mails, digital boards and SharePoint.

DEPARTMENT OPERATIONS:

• Develops and promotes risk managed, consistent controls and processes to ensure IT risk management, security, privacy, and compliance are priorities.
• Provides gap analysis between security policies/standards/regulations and practices, processes, and solutions; recommend actions to the CIO.
• Establishes, documents & manages processes and supporting tools used to accomplish IT compliance with regulatory and best practice security and compliance frameworks (e.g. ISO 27001, PCI, SOX, etc.).
• Works with business and IT stakeholders to establish priorities for process improvements that remediate or mitigate risk.
• Interacts with other IT Staff / Business Leaders to enhance the understanding of security issues and to agree on solutions.
• Helps with IT asset security control coverage and metrics reporting regarding security and compliance data.
• Assists with threat & vulnerability management process and tools.
• Prepares automated and ad hoc reports and/or interpret data from various security sources (e.g. Security & Information Event Management, Intrusion Protection System), Data Loss Prevention, etc.).
• Facilitates and executes responses to regulatory questionnaires & inquiries, Audits, and Remediation Plans.
• Supports security awareness training efforts across the business.
• Monitors and provides support for business unit implementations of security technology initiatives and remediation measures.
• Assesses and consults on data protection methods (e.g. access controls, encryption, vulnerability management, etc.).
• Conducts research on emerging products, services, protocols, and standards in support of security enhancement and development efforts.
• Interacts with vendors, outsourcers, and contractors to obtain protection services and products.
• Recommends, schedules, and performs security improvements, upgrades, and/or purchases.
• Maintains professional and technical knowledge by conducting research, attending seminars, educational workshops, classes and conferences; reviewing professional publications; establishing networks; participating in professional societies; conferring with representatives of contracting agencies and related organizations.
• Contributes to a team effort and accomplishes related results as required.
• Performs other duties as required.

GUEST SERVICE:

• Provides excellent internal and external guest services, treating all guests with courtesy and consideration at all times.
• Cooperates and communicates with all employees, always exhibiting mutual respect and consistently projecting a positive, helpful image and attitude.
• Monitors production and service levels by interacting with guest and staff.

KNOWLEDGE, SKILLS, AND ABILITIES:

• Knowledge of NIGC MICS, ONGC Regulations, departmental, and organizational policy and procedures.
• Extensive knowledge of computer systems, networks, and all associated hardware, software, techniques and associated protocols, including encryption, Virtual Private Networks and associated secure transmission technologies.
• Knowledge of the internet, intranet and extranet technologies and applications.
• Knowledge of customer service standards and procedures.
• Knowledge of PCI standards, or other industry security standards.
• Skill in presenting and explaining technical information to others.
• Skill in analyzing problems, projecting consequences, identifying solutions, and implementing recommendations.
• Ability to weigh business risks and enforce appropriate information security measures.
• Ability to develop, implement, install, test, and troubleshoot complex security software
• Ability to show the utmost discretion and loyalty to the organization when dealing with confidential information and data.
• Ability to apply proven communication, analytical, and problem-solving skills while working independently; managing projects; installing, configuring, upgrading, maintaining, and monitoring system security performance and network resources.
• Ability to interact and maintain good working relationships with individuals of varying social and cultural backgrounds, employees, and officials.
• Ability to travel.

REGULATORY COMPLIANCE:

• Maintains excellent working relationships with other Company staff and all applicable regulatory commissions and other agencies as may be applicable to ensure compliance.
• Performs all duties in accordance with company core values, objectives of the Osage Nation, internal policies and procedures, as well, as applicable laws and gaming regulations, including but not limited to, the state-tribal compact, IGRA, MICS, ONGR, the Bank Secrecy Act, Office of Foreign Asset Control, USA Patriot Act and Privacy Act.

PHYSICAL DEMANDS:

• The employee is also regularly required to stand for extensive periods of time, walk, sit, and use hands to finger, handle, or feel objects, tools or controls.
• Ability to sit, stoop, kneel, crawl, balance, or crouch while performing duties.
• Ability to use hands to finger, handle, or feel.
• Ability to use arms to reach and lift above shoulders.
• Must have normal auditory and good verbal communication.
• Ability to lift upwards of 25 pounds.
• Ability to drag, push, or pull up to 50 pounds.
• Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and the ability to adjust focus.

WORK ENVIRONMENT:

• Work is typically performed within an office and Casino setting.
• Exposure to second-hand smoke.
• Supports a 24/7 systems environment.
• Evening and weekend shifts may be required. Extended hours and irregular shifts may be required.
• Noise level in the work environment is moderate to high.
• The employee is regularly exposed to risks associated with travel between properties and back and forth to other areas as may be required due to business demands.
• The employee may be exposed to the risks associated in attempting to resolve issues with extremely irate or difficult people.
• The employee may be exposed to risks associated with the use of tools/machinery.