Engineer – InfoSec GRC (Governance, Risk, and Compliance)

29 May 2026
Las Vegas, Nevada 89101, USA

The Engineer – InfoSec GRC (Governance, Risk, and Compliance) is the primary technical resource supporting the objectives of the GRC team for Wynn Resorts North America. This role owns and optimizes control testing procedures to be executed either by the InfoSec GRC team of analysts or various automation tools, and organizes supporting documentation including architecture diagrams, data flow diagrams, vendor documentation, etc. to demonstrate effectiveness to internal and external auditors.

This role will be key in growing the technical maturity of the GRC program, reporting to the Manager – IT GRC, with general direction from the VP of Information Security and CISO and Executive Director of Information Security Engineering.

The GRC team supports one of the four pillars of Information Security under the Chief Information Security Officer; the others are Architecture & Engineering, Incident Response, and Identity & Access Management.

Qualifications

- College diploma or university degree in computer science or related discipline and/or 4 years of equivalent work experience.
- Four years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.

Job Responsibilities

- Implements, operationalizes, and improves technical solutions to support effective and auditable compliance to applicable industry standards and regulations (SOX, PCI, MICS, NIST, HIPAA, etc.).
- Review and continuously improve written compliance audit and due diligence procedures for execution by various technical and non-technical staff, including GRC analysts, internal auditors, and IT staff.
- Support and maintain all systems where GRC is the business stakeholder, including tools used for audit automation, asset management, application inventory, change management, and vulnerability management.
- Identify, evaluate, recommend, and implement technical improvements to mitigate control failures and gaps for stakeholders.
- Own and maintain the technical details within the Wynn GRC control framework, including accurate scoping of systems and networks, technical interpretations of controls, descriptions of artifacts, etc.
- Conducts periodic reviews of audits to optimize audit procedures and technical artifacts.
- Operate as the technical subject matter expert to respond to inquiries from third-party assessors and auditors.
- Collaborate with peers and management in various teams to ensure enterprise technical compliance requirements are effectively operationalized.
- Support corporate compliance for the patch management process through reporting and technical interpretation of system vulnerabilities.
- Track operational remediation efforts against defined Service Level Agreements (SLAs).
- Lead efforts to validate production changes to improve quality and accountability of system changes.
- Remain current on best practices and technological advancements and act as a technical resource for security assessment and regulatory compliance.
- Oversee all training for IT GRC across IT and various business units.
- Evaluates risks and develops security standards, procedures, and controls to manage risks.
- Improves security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Understand and enforce all applicable regulatory requirements and artifacts for control requirements, including but not limited to SOX, PCI-DSS, NIST, and jurisdiction-specific Minimum Internal Control Standards (MICS).
- Other duties as assigned.
