
Senior Vice President, Information Security and Risk Officer

San Manuel Band of Mission Indians

26569 Community Center Drive
Highland, CA 92346

Tribe
Full-Time

The Senior Vice President Chief Information Security and Risk Officer (SVP CISRO) is responsible for overseeing and maintaining an enterprise-wide information security management program to ensure information assets are adequately protected. This position is responsible for identifying, evaluating and mitigating information security and risks in a manner that meets compliance and regulatory requirements, and aligns with and supports the risk posture of the enterprise. The SVP CISRO proactively works with internal departments and stakeholders to implement cutting-edge practices that meet defined policies and standards for information security. This position also oversees a variety of information security related risk management activities. The SVP CISRO serves as the process owner of all assurance activities related to the availability, integrity and confidentiality of enterprise partners, team members, patrons and information in compliance with San Manuel’s information security policies. A key element of the SVP CISRO's role is collaborating with other executive leaders to determine acceptable levels of risk for San Manuel.

Essential Duties & Responsibilities

  • Oversee the development and implementation of a strategic, comprehensive enterprise information security and information security risk management program to ensure that the integrity, confidentiality and availability of information is owned, controlled or processed by the enterprise. Maintain a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection. Develop and enhance an information security management framework based on the following: National Institute of Standards and Technology (NIST) Cybersecurity Framework and ISO-27K standards as well as any requirements and best practices required by the San Manuel Gaming Commission.
  • Establishes risk-related compliance goals and establishes a roadmap for continuous program improvement.
  • Directs risk assessment practices and procedures, as well as an annual risk prioritization process, through the oversight of the Enterprise Risk Management Committee.  Ensures assessments are conducted and coordinated with Tribal Governmental and business units to identify new/emerging risks and evaluate their potential impact on enterprise interests and objectives.
  • Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Work directly with the business units to facilitate information security risk assessments and risk management processes, and work with stakeholders throughout San Manuel on identifying acceptable levels of residual risk. Provide regular reporting on the status of the information security program to the enterprise risk management team, senior Tribal Government Operations, Casino leaders and the Tribal Council as part of a strategic enterprise risk management program.
  • Create and manage a unified and flexible control framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards and regulations. Build a metrics and reporting framework to measure the efficiency and effectiveness of the program, facilitate appropriate resource allocation, and increase the maturity of the Information Security Program.
  • Oversees the management of security incidents and events to protect Tribal IT assets, including intellectual property, regulated data and San Manuel’s reputation.
  • Oversee the maintenance of relevant threat intelligence feeds, e.g., from MS-ISAC, and monitor the external threat environment for emerging cyber threats.  Advise relevant stakeholders on the appropriate courses of action.
  • Oversee and refine effective disaster recovery policies and standards to align with Business Continuity Management Program goals.  Coordinate the development of implementation plans and procedures to ensure that critical services are recovered in the event of a security event.  Provide direction, support and in-house consulting in these areas.
  • Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services, including, but not limited to, privacy, artificial intelligence, risk management, compliance and business continuity management.
  • Perform related duties and fulfill responsibilities as required.

Supervisory Responsibilities

  • Carries out supervisory responsibilities in accordance with San Manuel’s policies and applicable laws.  Responsibilities include scheduling, planning, assigning, directing work, and training employees; appraising performance; rewarding and disciplining employees; addressing complaints and resolving problems.

EDUCATION/EXPERIENCE/QUALIFICATIONS

• Bachelor’s Degree in Business Administration or an Information Technology-related field required. Master’s Degree a strong plus (MBA, Information Technology or Legal/Compliance related degree preferred).

• Minimum of fourteen (14) years of experience in a combination of information security, risk management, and IT related jobs. At least twelve (12) years of supervisory experience with a minimum of four (4) years in a senior leadership role. Employment history must demonstrate increasing levels of responsibility.

• Equivalent combination of education and progressive, relevant and direct experience may be considered in lieu of minimum educational/experience requirements indicated above.

• Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.

• Knowledge and understanding of relevant legal and regulatory requirements, such as Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry/Data Security Standard.

• Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT and ones from NIST.

• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.

• Poise and ability to act calmly and competently in high-pressure, high-stress situations.

• Must be a critical thinker, with strong problem-solving skills.

• Exhibit excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives.

• Project management skills: financial/budget management, scheduling and resource management.

• Ability to lead and motivate cross-functional, interdisciplinary teams to achieve tactical and strategic goals.

• Experience with contract and vendor negotiations.

• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.

• High degree of initiative, dependability and ability to work with little supervision.

CERTIFICATES/LICENSES/REGISTRATIONS

• At the discretion of the San Manuel Tribal Gaming Commission you may be required to obtain and maintain a gaming license.

• Professional security management certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials, is desired.

San Manuel will make reasonable accommodations in compliance with applicable law.

As one of the largest private employers in the Inland Empire, San Manuel deeply cares about the future, growth and well-being of its employees. Join our team today!

Posted November 1, 2024

San Manuel Band of Mission Indians

The San Manuel Band of Mission Indians is a federally-recognized Indian tribe located on the San Manuel Indian Reservation near Highland, California.  San Manuel exercises its inherent sovereign right of self-governance and provides essential services for its citizens by building infrastructure, maintaining civil services, and promoting social, economic, and cultural development.  

The Serrano people of San Manuel have called this area home since time immemorial and are committed to remaining a productive partner in the San Bernardino region. The Reservation, once only 640 acres, is now over 1,100 acres in size.

The call of Yawa’ – to act upon one’s beliefs – inspires the Tribe to give back to the areas they call home and support organizations working to create a better tomorrow in the Inland Empire and Indian Country. 

Our support is directed to organizations providing services in San Bernardino and Riverside counties, including:

  • 501(c)(3) nonprofit organizations
  • Public schools
  • Private schools
  • Charter schools, and
  • Local government agencies

The Tribe also operates Yaamava' Resort & Casino at San Manuel (formerly known as San Manuel Casino®), the Palms Casino Resort, as well as other enterprises. 

We value our employees and offer a comprehensive Benefits Program

Our team members enjoy a competitive base salary, an annual discretionary performance bonus, and an annual merit increase as part of our total rewards package. Additionally, San Manuel supports team members' financial health through 401(k) retirement savings plans that offer a 2% core discretionary contribution and matching, and a host of other services - from discounts to tuition assistance.

Apply today to join our team!