BettingJobs is working with an online bookmaker with a long history of changing the landscape of the sports betting and gaming industry through its integrity, high level of customer satisfaction, and revered risk management. They are seeking a Network and Security Compliance Officer to join their team in Toronto.
Responsibilities:
• Provides Level 2 support, Coordinates problem resolution among a variety of functional areas and provides subject matter expertise support for information security related issues.
• Create and update information security policies and procedures.
• Conduct internal audits to ensure that non-conformities are identified and remediated.
• Develop metrics/KPIs to report on security and privacy compliance performance.
• Maintain compliance with security standards and licensing requirements including ISO 27001, MGA, PCI-DSS and GDPR.
• Coordinate preparation for annual ISO, MGA, and other certification audits.
• Administer third party security programs including vulnerability scans, security information and event management (SIEM), File integrity monitoring (FIM) and penetration testing.
• Identify opportunities for improvement in security practices and operational processes.
• Responsible for the Security Awareness and other mandatory security training programs.
• Participate in Incident Management and Risk remediation activities.
• Active participation in Vulnerability Assessment process and SIEM process. Conduct regular review of vulnerability and security log reports, create mitigation actions, monitor for completion.
• Collaboration with Legal and other departments to ensure continued regulatory and contractual compliance with information security requirements.
• Ensures security best practices are followed for production environments.
• Support procedures for managing alerts, reports and incidents.
• Address security incident reports and handle first response and action.
• Documenting, tracking and investigating information security events, requests, and incidents.
• Maintaining and monitoring SIEM systems including creating scheduled reports and alerts.
• Monitoring IDS/IPS alerts and investigating issues with relevant IT teams.
• Monitoring bot mitigation alerts and advising on proper action.
• Vulnerability assessments of computer systems, network devices and applications using vulnerability scanning tools.
• Monitoring and investigating alerts in the data leak prevention system.
• Monitor systems for any anomalies, proper updating, and patching.
• Monitor vendor websites for potential threat alerts and software upgrades.
• Maintains system documentation and configuration data for regulatory and audit purposes.
• Researching and recommending new security protocols and technologies. Other duties as assigned.
Requirements:
• Communicate effectively in English, both oral and written form.
• A strong technical understanding and hands-on experience with computer networks.
• Ability to clearly communicate with technical and non-technical stakeholders.
• Ability to work independently and with minimal supervision as well as a team member.
• Expert knowledge in the areas of risk assessment, strong understanding of secure communications, secure data storage, secure systems development, secure systems deployment, and documentation.
• Ability to rely on extensive field experience and judgment to plan and accomplish set goals.
• Familiarity with a variety of the information security, networking, and governance concepts, practices, and procedures.
• Understanding of real-world application of ISO standards, GDPR, PCI-DSS, and various gaming commission compliance requirements.
• Expert working knowledge of report creation and data analysis via MS-Word, PowerPoint, and Excel applications.
• Able to quickly absorb a high volume of company specific knowledge, understanding new technologies and their impact on the company's overall security posture.
• Well-rounded understanding of the information security risks generated by incorrectly deployed and configured applications.
• Demonstrated ability to multi-task and operate in a high stress environment.
• Establish and maintain cooperative working relationship with all those contacted during the course of work.
• Must always be available on call for Tier 2 escalations.
