Photo of San Manuel Band of Mission Indians, Highland, CA

Senior Vice President, Information Security and Risk Officer

San Manuel Band of Mission Indians

26569 Community Center Drive
Highland, CA 92346

Tribe
Save this job
Tiempo Completo

The Senior Vice President Chief Information Security and Risk Officer (SVP CISRO) is responsible for overseeing and maintaining an enterprise-wide information security management program to ensure information assets are adequately protected. This position is responsible for identifying, evaluating and mitigating information security and risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The SVP CISRO proactively works with internal departments and stakeholders to implement cutting edge practices that meet defined policies and standards for information security. This position also oversees a variety of information security related risk management activities.The SVP CISRO serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of enterprise partners, team members, patrons and information in compliance with San Manuel’s information security policies. A key element of the SVP CISRO's role is collaborating with other executive leaders to determine acceptable levels of risk for San Manuel.

Essential Duties & Responsibilities

  • Oversee the development and implementation of a strategic, comprehensive enterprise information security and information security risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the enterprise. Maintain a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection. Develop and enhance an information security management framework based on the following: National Institute of Standards and Technology (NIST) Cybersecurity Framework and ISO-27K standards as well as any requirements and best practices required by the San Manuel Gaming Commission.
  • Establishes risk-related compliance goals and establish a roadmap for continuous program improvement.
  • Directs risk assessment practices and procedures, as well as an annual risk prioritization process, through the oversight of the Enterprise Risk Management Committee.  Ensures assessments are conducted and coordinated with Tribal Governmental and business units to identify new/emerging risks and evaluate their potential impact on enterprise interests and objectives.
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Work directly with the business units to facilitate information security risk assessments and risk management processes, and work with stakeholders throughout San Manuel on identifying acceptable levels of residual risk. Provide regular reporting on the status of the information security program to the enterprise risk management team, senior Tribal Government Operations, Casino leaders and the Tribal Council as part of a strategic enterprise risk management program.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations. Build a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the Information Security Program.
  • Oversees the management of security incidents and events to protect Tribal IT assets, including intellectual property, regulated data and San Manuel’s reputation.
  • Oversee the maintenance of relevant threat intelligence feeds, e.g., from MS-ISAC, and monitor the external threat environment for emerging cyber threats.  Advise relevant stakeholders on the appropriate courses of action.
  • Oversee and refine effective disaster recovery policies and standards to align with Business Continuity Management Program goals.  Coordinate the development of implementation plans and procedures to ensure that critical services are recovered in the event of a security event.  Provide direction, support and in-house consulting in these areas.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, artificial intelligence, risk management, compliance and business continuity management.
  • Perform related duties and fulfill responsibilities as required.

Supervisory Responsibilities

  • Carries out supervisory responsibilities in accordance with San Manuel’s policies and applicable laws.  Responsibilities include scheduling, planning, assigning, directing work, and training employees; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

EDUCATION/EXPERIENCE/QUALIFICATIONS

• Bachelor’s Degree in Business Administration or an Information Technology-related field required. Master’s Degree a strong plus (MBA, Information Technology or Legal/Compliance related degree preferred).

• Minimum of fourteen (14) years of experience in a combination of information security, risk management, and IT related jobs. At least twelve (12) years of supervisory experience with a minimum of four (4) years in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.

• Equivalent combination of education and progressive, relevant and direct experience may be considered in lieu of minimum educational/experience requirements indicated above.

• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

• Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

• Poise and ability to act calmly and competently in high-pressure, high-stress situations.

• Must be a critical thinker, with strong problem-solving skills.

• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

• Project management skills: financial/budget management, scheduling and resource management.

• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

• Experience with contract and vendor negotiations.

• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

• High degree of initiative, dependability and ability to work with little supervision.

CERTIFICATES/LICENSES/REGISTRATIONS

• At the discretion of the San Manuel Tribal Gaming Commission you may be required to obtain and maintain a gaming license.

• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.

San Manuel will make reasonable accommodations in compliance with applicable law.

As one of the largest private employers in the Inland Empire, San Manuel deeply cares about the future, growth and well-being of its employees. Join our team today!

Publicado 1 De Noviembre De 2024

San Manuel Band of Mission Indians

The San Manuel Band of Mission Indians is a federally-recognized Indian tribe located on the San Manuel Indian Reservation near Highland, California.  San Manuel exercises its inherent sovereign right of self-governance and provides essential services for its citizens by building infrastructure, maintaining civil services, and promoting social, economic, and cultural development.  

 The Serrano people of San Manuel have called this area home since time immemorial and are committed to remaining a productive partner in the San Bernardino region. The Reservation, once only 640 acres, is now over 1,100 acres in size. 

The call of Yawa’ – to act upon one’s beliefs – inspires the Tribe to give back to the areas they call home and support organizations working to create a better tomorrow in the Inland Empire and Indian Country. 

Our support is directed to organizations providing services in San Bernardino and Riverside counties, including:

  •         501(c)(3) nonprofit organizations
  •         Public schools
  •         Private schools
  •         Charter schools, and 
  •         Local government agencies

The Tribe also operates Yaamava' Resort & Casino at San Manuel (formerly known as San Manuel Casino®), the Palms Casino Resort, as well as other enterprises. 

We value our employees and offer a comprehensive Benefits Program

Our team members enjoy a competitive base salary, an annual discretionary performance bonus, and an annual merit increase as part of our total rewards package. Additionally, San Manuel supports team members' financial health through 401(k) retirement savings plans that offer a 2% core discretionary contribution and matching, and a host of other services - from discounts to tuition assistance.

Apply today to join our team!