Internal Audit & Compliance Specialist

Internal Audit & Compliance SpecialistAbout NRTNRT is one of the 50 Best Managed Companies and were looking for a dynamic candidate who is motivated and passionate about working for a FinTech leader!NRT provides next-generation commerce and information-enabling experiences for enterprise customers around the world. Our solutions include secure payment systems specialized financial and marketing kiosks AML compliance tracking and reporting tools digital gamification and mobile experiences intelligent table game platforms credit/marker information services and electronic marker solutions. We work with hundreds of casinos throughout North and South America Asia and offer a competitive salary group benefits (health vision dental and life insurances) career advancement opportunities and an exciting environment. Individual and creative contributions to our company objectives are highly encouraged and recognized. You can read more about us at: directly to SVP IT Infrastructure and their designates the Internal Audit & Compliance Specialist will be a key member of Security and Compliance team to analyze assess and design effective security controls to help achieve PCI compliance privacy compliance and to improve enterprise-wide ResponsibilitiesDevelop methods to monitor and measure risk compliance and assurance effortsDevelop specifications to ensure risk compliance and assurance efforts conform with security resilience and dependability requirements at the software application system and network environment levelDraft statements of preliminary or residual security risks for system operationMaintain information systems assurance and accreditation materials (PA-DSS PCI-DSS SOC ISO27001 etc.)Monitor and evaluate a systems compliance with information technology (IT) security resilience and dependability requirementsAssess the effectiveness of security controlsPerform reviews identify gaps in software architecture and develop a risk management planPerform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategyPerform risk analysis (e.g. threat vulnerability and probability of occurrence) whenever an application or system undergoes a major changePlan and conduct security authorization reviews and assurance case development for initial installation of systems and networksVerify that application software/network/system security postures are implemented as stated document deviations and recommend required actions to correct those deviationsQualifications5 years experience in Information Security and performing compliance assessmentsMasters degree in information security or equivalent5 years experience of Level-1 assessment experience with solid understanding of PCI-DSS and PA-DSSProven experience with Information Security Management System (SOC2 Type 2 ISO 27001)Experience with CryptographyOne of the certifications: CSSLP CASE GSSP GWEB CEH OSCP PenTest or GPENExperience with network architectures and network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurationsExperience with audit experience for cloud computing environments (e.g. AWS MS Azure Google Cloud)Experience with IT security principles and methods (e.g. firewalls DMZ encryption)Experience with cyber defense and vulnerability assessment tools including open source tools and their capabilities (Nexpose Nessus etc.)Hands-on experience with penetration testing tools (Metasploit Nessus etc.)Knowledge of Risk Management Framework (RMF) requirementsAbility to work collaboratively with key stakeholders and other team membersExcellent time management written documentation and oral presentation skillsCertifications (at least one from each group below)Current PCI-QSA or PCI-ISA qualificationInformation Security: CISSP CISM ISO 27001 LI RISS CRISCAudit: CISA GSNA ISO 27001 LA/IA IRCA ISMS Auditor IIA CIAThis is an existing vacancy. The base salary range for this role listed is based on market indicators to determine compensation and an offer will consider various factors including experience qualifications skills and training. Our comprehensive and competitive benefits package includes medical dental and vision insurance for employees and their family paid time off and a variety of other is an equal opportunity employer and does not use AI within its hiring process in most a case where AI is utilized to assess a candidate during the process an advanced notice will be provided. It is NRTs policy to recruit and select applicants for employment solely on the basis of their qualifications with emphasis on selecting the best-qualified person for the job. NRT does not discriminate against applicants based on race color religion sex sexual orientation national origin or disability or any other status or condition protected by applicable law. NRT welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection would like to thank all applicants for applying but only those applicants best suited for the position will be contacted.