Manager - IT Governance, Risk, and Compliance

Link Technologies (LinkTechConsulting.com), a Las Vegas-based IT consulting firm, is currently seeking a Manager – IT GRC (Governance, Risk, and Compliance) for a position in Las Vegas, NV. This will be an onsite, permanent opportunity. SummaryThe Manager – IT GRC (Governance, Risk, and Compliance) is responsible for managing and maturing the Information Technology governance, risk, and compliance operations through management of direct reports and collaboration with staff from Information Technology, Compliance, Legal & Privacy, and Internal Audit. Responsibilities

• Understand and enforce all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, and jurisdictional specific Minimum Internal Control Standards (MICS).
• Act as the liaison for regulatory third-party assessors including relevant Gaming Control Boards and PCI-DSS assessors.
• Improve and maintain custom frameworks for tracking regulatory compliance requirements to audit artifacts, including defined procedures for each artifact with an associated calendar of due dates.
• Collaborate with peers and leaders across the organization to ensure enterprise compliance requirements are maintained, enforced, and operationalized.
• Improve and maintain a comprehensive policy library, tying IT procedures, guidelines, and standards to approved company policy. Manage and socialize documentation of standard operating procedures for IT.
• Improve and maintain the application inventory system as the source of record for approved business applications. Define and govern application ownership and assignment of application-specific responsibilities through written guidelines such as a RACI matrix.
• Redefine the asset classification structure. Build procedures for assets and license inventory and coordinate the activities of the asset management team to execute.
• Manage the technical risk registry and related compensating controls under guidance from Information Security leadership.
• Manage and maintain corporate compliance for the patch management process through assessment and reporting of system vulnerabilities. Track operational remediation efforts against defined Service Level Agreements (SLAs).
• Lead and optimize the weekly Production Change Request (PCR) process to improve quality and accountability of system changes.
• Lead both manual and automation efforts to ensure systems for both employee and vendors adhere to the least privilege model of role-based access.
• Oversee all training for IT GRC across IT and various business units.
• Where necessary, supervise recruitment, development, retention, and organization of system staff in accordance with corporate budgetary objectives and personnel policies.
• Develop metrics for the department and opportunities for improvement.

• College diploma or university degree in computer science or IT management and/or 7 years of equivalent work experience.
• 5 years IT compliance experience at minimum.
• Exceptional ability to create, lead creation of, and manage technically precise documentation, with patience to give and receive feedback to make iterative improvements over time.
• High level of personal integrity and ability to show an appropriate level of judgment and maturity.
• Excellent written and oral communication and presentation skills for leadership, technical and business audiences.
• General ability to pull data from database tables, database views, application sources, and other data stores for the purpose of compliance reporting.
• Poise and ability to act calmly and competently in high-pressure, high-stress situations.
• Must be a critical thinker with strong problem-solving skills.
• Detail oriented, self-motivated and disciplined, with excellent time management skills
• Working technical knowledge of systems including server, racks, storage, appliance & monitoring tools.
• Strong understanding of IT regulations and ordinances.
• Proven experience in planning, organizing, and developing IT compliance initiatives.
• Excellent understanding of project management principles.
• Audit or accounting background is a plus.
• Working knowledge of all state, local, federal, and gaming laws & regulations.
• Strong consideration given for compliance related certification or trainings, specifically with one or more of the following certifications or training: CISA, CISM, CRISC, PCI-ISA, PCI-QSA, CSOE, CRCM, Splunk Searching and Reporting.