Sr. Analyst - Governance, Risk, & Verification

The primary responsibility of  the Sr. Analyst - Governance, Risk, and Verification (GRV) provides technical and business support to the Cyber Security Team for risk management tools and processes. This role is tasked with implementing and maintaining risk management tools. The Sr. Analyst - Governance, Risk, and Verification will create and maintain all processes and procedures for the use of the tools. This position is considered the subject matter expert (SME) for risk management tools and all processes and procedures that support them.

All duties are to be performed in accordance with departmental and The Venetian Resort’s policies, practices, and procedures.

• Work with the Cyber team members and IT to design, deploy, configure, and maintain Governance, Risk, and Verification hardware, software, and processes functional and technical requirements gathering and documentation.
• Workflow creation and documentation.
• Coordinate the design of technical and documentation feeds to the tool
• Tool deployment testing – user, functional, and technical testing.
• Create and communicate the processes and procedures that are internal to the team and to external tool users.
• Create, test, and deploy tool training in coordination with the Sr. Manager - Cyber Training.
• Create and report project progress metrics.
• Track and follow-up on all due dates for risk cycle activities.
• Responsible for on-going support of the tool, and maintenance of all documentation pertaining to the tool and its use.
• Safety is an essential of this job.
• Consistent and regular attendance is an essential function of this job.
• Performs other related duties as assigned.

Company Standards of Conduct

All The Venetian Resort Team Members are expected to conduct and carry themselves in a professional manner at all times. Team Members are required to observe the Company’s standards, work requirements and rules of conduct.

Mimimum Quaifications:

• 21 years of age.
• Proof of authorization to work in the United States.
• Bachelor’s degree or equivalent work experience.
• Must be able to obtain and maintain a Nevada Gaming Control Board Registration and any other certification or license, as required by law or policy.
• 2+ years’ experience in risk management is required.

• 2+ years’ experience in designing, deploying, and using a GRV solution is required.
• 5 years’ experience in a combination of Information Technology (IT) and Information Security (Cyber) operations experience or 5 years’ experience in Cyber Operations can be substituted for the certifications.
• CISSP or GISP certification.
• Project management skills including regular status reporting in accordance with the direction given by the Sr. Manager Governance and Risk.
• Must have experience with data feeds/ APIs, Data Driven Events, and configuration for data feeds.
• This position will be part of the team that is responsible for establishing and maintaining an enterprise GRV vision, strategy, and program.
• Knowledge and experience in cyber systems, network domain structures, identity management, security architecture, incident response, privacy and data protection, network, website, application, database, and operating systems security, and wireless networking.
• Strong understanding of Configuration Management Database (CMDB) and IT asset management.
• Experience with Microsoft server, Microsoft SQL server and databases, XML/XSLT.
• Knowledge and experience with the ISO 27000/NIST/SOX/PCI series Information Security family of documents.

• Experienced in Cyber end-to-end governance of risk, including assessments, methodologies, mitigations, risk register.
• Experienced in verification of cyber risk mitigation.
• Experienced in reporting and explaining risk to audiences that possess varied levels of understanding.
• Use of state-of-the-art Governance, Risk, Compliance (GRC) tools such as, EMC/RSA Archer, or IBM OpenPages.
• Knowledge of industry, federal, state, and international cyber regulations and their compliance. Including: PCI DSS, GLBA, Sarbanes-Oxley, HIPAA/HiTech, and EU and other global PII laws and directives.
• Business Analyst experience a plus.
• Interface with business and IT stakeholders and serve as support for the program.
• Ability to build trust with customers and stakeholders.
• Strong organizational and time management skills, customer service focus, attention to detail, and process orientation.
• Ability to distill and present information to the business community in non-technical terminology.
• Flexibly to adapt to a changing environment.

• Ability to set priorities, meet deadlines, and manage projects.
• Self-motivated with the ability to execute direction from the Sr. Manager of Governance and Risk.
• Strong negotiating skills with IT, Business, and Audit departments.
• Ability to work independently on special projects.
• Participate in incident response as needed.
• Ability to communicate clearly and effectively in English, both in spoken and written form.
• Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
• Must be able to work varied shifts, including nights, weekends, and holidays.

Must be able to:

• Lift or carry 10 pounds, unassisted, in the performance of specific tasks, as assigned.
• Physically access all areas of the property and drive areas with or without a reasonable accommodation.
• Maintain composure under pressure and consistently meet deadlines with internal and external customers and contacts.
• Ability to interact appropriately and effectively with guests, management, other team members, and outside contacts.
• Ability for prolonged periods of time to walk, stand, stretch, bend, and kneel.
• Work in a fast-paced and busy environment.
• Work indoors and be exposed to various environmental factors such as, but not limited to, CRT, noise, dust, and cigarette smoke.