information security and privacy analyst_

information security and privacy analyst.
+ boston , massachusetts
+ posted 10 days ago
**job details**
summary
+ $40 - $55 per hour
+ temp to perm
+ bachelor degree
+ category computer and mathematical occupations
+ reference1055537
job details
job summary:
The role requires strategic vision and the ability to influence change and communicate a coherent understanding of how to efficiently and effectively oversee the security and data protection practices of the organization's licensees. This position must develop a staffing plan to review 3rd party security audits of the organization's licensees and ensure that licensees address and document risk areas identified in audit reports. Critical aspects of the work involve providing expert advice and guidance on the capabilities and limitations of IT security oversight for the organization's licensees. Providing expertise and leadership in ensuring the organization's licensees understand the regulatory requirements relating to security, privacy, and compliance responsibilities. All duties are to be performed in accordance with the organization's policies, practices, and procedures.
Duties and responsibilities include, but are not limited to, the following:
+ Plan, organize, and direct the analysis, design, development, implementation, and operation of information security and data protection requirements for the organization's licensees.
+ Consult with senior staff, operational experts, industry technical compliance, information security staff, and third-party security experts to determine information systems risk control requirements and the operational and oversight controls needed to verify compliance with the requirements.
+ Provide guidance and assistance to staff on resource capabilities relative to the risk control framework for information security and data protection practices of the organization's licensees.
+ Research operational requirements related to information and data security risk control measures used in the gaming industry and develop performance metrics to evaluate the effectiveness of similar the organization's requirements for its licensees.
+ Develop and oversee internal and external information security awareness training and educational activities relating to the organization's oversight of the gaming industry.
+ Review and recommend amendments to statutes and administrative rules that pertain to gaming industry information and data protection security.
+ Develop a plan for information security and data protection initiatives and create cost estimates, work plans, and timelines for the organization's oversight and industry compliance education efforts.
+ Research new technologies to enhance information security and data protection risk control programs.
+ Monitor overall operational efficiency and initiates projects to improve performance.
+ Create minimum standards for information security professionals used by the organization licensees and create a certification program for such professional service providers.
+ Develop metrics to evaluate services provided by certified professional service providers of network security auditors and otherwise develop oversight procedures for third-party risk control professionals involved in performing compliance work related to the organization information security and data protection requirements.
+ Provide consultative guidance and direction to leadership on the utilization and capabilities of the organization's information security and data protection oversight activities.
+ Maintain awareness of potential cyber-attack technologies, methods, and signatures.
+ Direct the training of subordinate staff to ensure they are kept up to date with changes in information security and data protection. Prepares progress reports to inform management of project developments and deviations from objectives; consults with specialist or technical personnel to solve complex problems.
+ Possess a working knowledge of all the organization regulations, policies, and procedures.
+ Ensure that the objectives under the Information Security Department align with applicable laws, regulations, policies, and the organization's code of ethics.
+ Other projects assigned by the Chief Information Officer.
location: BOSTON, Massachusetts
job type: Contract
salary: $40 - 55 per hour
work hours: 8am to 4pm
education: Bachelors
responsibilities:
Duties and responsibilities include, but are not limited to, the following:
+ Plan, organize, and direct the analysis, design, development, implementation, and operation of information security and data protection requirements for MGC licensees.
+ Consult with ITS senior staff, operational experts, industry technical compliance, information security staff, and third-party security experts to determine information systems risk control requirements and the operational and oversight controls needed to verify compliance with the requirements.
+ Provide guidance and assistance to staff on resource capabilities relative to the risk control framework for information security and data protection practices of MGC licensees.
+ Research operational requirements related to information and data security risk control measures used in the gaming industry and develop performance metrics to evaluate the effectiveness of similar MGC requirements for its licensees.
+ Establish and maintain communication with peer gaming regulatory staff responsible for information and data security and leverage resources to promote efficiency and more effective oversight of common licensees.
+ Develop and oversee internal and external information security awareness training and educational activities relating to MGC's oversight of the gaming industry.
+ Review and recommend amendments to statutes and administrative rules that pertain to gaming industry information and data protection security.
+ Continuously review and update information security and investigations procedures to ensure compliance with all regulated and unregulated standards pertaining to the responsible operation of licensed gaming activities in Massachusetts.
+ Develop a plan for information security and data protection initiatives and create cost estimates, work plans, and timelines for MGC oversight and industry compliance education efforts.
+ Research new technologies to enhance MGC's information security and data protection risk control programs.
+ Monitor overall operational efficiency and initiates projects to improve performance.
+ Create minimum standards for information security professionals used by MGC licensees and create a certification program for such professional service providers.
+ Develop metrics to evaluate services provided by certified professional service providers of network security auditors and otherwise develop oversight procedures for third-party risk control professionals involved in performing compliance work related to MGC information security and data protection requirements.
+ Provide consultative guidance and direction to leadership on the utilization and capabilities of the MGC's information security and data protection oversight activities.
+ Maintain awareness of potential cyber-attack technologies, methods, and signatures.
+ Direct the training of subordinate staff to ensure they are kept up to date with changes in information security and data protection. Prepares progress reports to inform management of project developments and deviations from objectives; consults with specialist or technical personnel to solve complex problems.
+ Possess a working knowledge of all MGC Regulations, policies, and procedures.
+ Ensure that the objectives under the Information Security Department align with applicable laws, regulations, policies, and MGC's code of ethics.
+ Other projects assigned by the Chief Information Officer.
qualifications:
+ Experience level: Experienced
+ Education: Bachelors
skills:
+ Network SecurityEqual Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact [email protected] offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including health, an incentive and recognition program, and 401K contribution (all benefits are based on eligibility).Applications accepted on ongoing basis until filled.