IT Systems Security Officer
October 2014 – Present
IT/Information Systems Security Officer (ISSO) (Full-Time)
• Serving as the official contact for information security, compliance and data privacy issues, including reporting to, and assisting law enforcement officials. Responsible for property-wide IT systems security, managing multiple projects and directing the work of others while applying my expertise and experience, and supporting over 2,400+ end users and over 120+ Servers, and assisting outside vendors with remote services and needs through VPN
• Conduct Reviews of system logs of user access, security incidents, and unusual transactions and anomalies and report to upper management for review and mitigation, and also review network and system security roles and modify and update network and system changes as seen fit
• Conducts routine information systems audits for user access and permissions and quarterly IT security compliance reviews as required by the state gaming commission and State Police
• Performs PCI DSS Compliance audits and reviews, which involves scanning PC’s and workstations for payment card information, and mitigating any that are found, reducing the attack vectors for which payment information can be compromised by hardening workstations and using PPoE on payment terminals, changing default logins, maintain antivirus control, enforcing authentication and accounting, and authorization or terminals used to process PII, and limiting access to payment card information on a need to know basis. Reporting and making recommendations on how to protect PII. Conduct End-User training on PCI Compliance and proper ways of handling payment cards.
• Coordinating the development of the licensee's information security policies, standards, and procedures and Coordinating the development of an education and training program on information security and privacy matters for employees and other authorized users