IT Security and Compliance Officer - North York, Canada - Pinnacle

Pinnacle

Verified Company

North York, Canada

2 weeks ago

Posted by:

Sophia Lee

beBee Recruiter

Description

Welcome to Pinnacle, the ultimate destination for sports enthusiasts seeking an exhilarating sportsbook and gaming experience

Established in 1998, we have solidified our position as one of the globe's foremost licensed online gaming companies. With our cutting-edge offerings, we guarantee an electrifying experience that will keep you on the edge of your seat.

Pinnacle invites you to join our team and become an instrumental figure in the exciting realm of sports betting.

Our vibrant team is fueled by passion and driven by innovation, working together to redefine the landscape of sports betting and gaming.

Together, we constantly strive to surpass limitations and deliver unparalleled experiences to sports enthusiasts worldwide. Prepare yourself for a thrilling journey and discover sports in an entirely new dimension with Pinnacle

Job Purpose

The Network and Security Compliance Officer plans, executes, and manages multi-faceted projects related to security standards compliance, risk management, mitigation and response, control assurance, and user awareness.

Individuals also select and implement appropriate tools for necessary surveillance and monitoring of the computing environment.

Primary responsibilities will include the analysis of the organization's infrastructure at all locations in order to identify gaps in security standards compliance.

They participate in capacity planning, support the creation and the maintenance of systems and network disaster recovery plans and monitor all related activities.

They also screen the network for attempted intrusions as well as design and implement appropriate network security measures and procedures.

Individuals develop network, system, and physical security policies and procedures such as user log-on and authentication rules, security breach escalation procedures, security assessment procedures and use of firewalls and encryption routines.

They perform security assessments and security attestations.

Individuals act as project team members, depending on the scope of the project. They demonstrate a high level of knowledge surrounding IT procedures, risk assessments, and general system and network security. They are also skilled in the use of auditing tools and software aids for the investigation of network problems.

They must keep abreast of new technologies and may identify and implement new technologies and processes that maintain the security and compliance of the IT infrastructure.

To enforce security policies and procedures, they monitor data security profiles on all platforms by reviewing various log files, security violation reports and investigating security exceptions.

They update, maintain and document security controls and provide direct support to the organization and internal IT groups.

Duties and Responsibilities

Create and update information security policies and procedures
Conduct internal audits to ensure that nonconformities are identified and remediated
Develop metrics/KPIs to report on security and privacy compliance performance
Maintain compliance with security standards and licensing requirements including ISO 27001, MGA, PCI-DSS and GDPR
Coordinate preparation for annual ISO, MGA, and other certification audits
Administer third party security programs including vulnerability scans, security information and event management (SIEM), File integrity monitoring (FIM) and penetration testing
Identify opportunities for improvement in security practices and operational processes
Responsible for the Security Awareness and other mandatory security training programs
Participate in Incident Management and Risk remediation activities
Active participation in Vulnerability Assessment process and SIEM process. Conduct regular review of vulnerability and security log reports, create mitigation actions, monitor for completion
Collaboration with Legal and other departments to ensure continued regulatory and contractual compliance with information security requirements
Ensures security best practices are followed for production environments
Support procedures for managing alerts, reports and incidents
Address security incident reports and handle first response and action
Documenting, tracking and investigating information security events, requests, and incidents
Maintaining and monitoring SIEM systems including creating scheduled reports and alerts
Monitoring IDS/IPS alerts and investigating issues with relevant IT teams
Monitoring bot mitigation alerts and advising on proper action.
Monitoring and investigating alerts in the data leak prevention system.
Monitor systems for any anomalies, proper updating, and patching
Monitor vendor websites for potential threat alerts and software upgrades
Maintains system documentation and configuration data for regulatory and audit purposes
Researching and recommending new security protocols and technologies
Other duties as assigned.

**Competencies, Skills, and