DIRECTOR, IT SECURITY & COMPLIANCE

DIRECTOR, IT SECURITY & COMPLIANCE

Rohnert Park, CA Job Details Full-time 6 days ago Qualifications Hospitality Managerial strategic planning Strategic management PCI Regulatory compliance Cloud security management Internal compliance auditing IT strategy planning Collaborating with government agencies SOX Threat detection & response Information security compliance Training employees on security practices Team management NIST standards Security policy implementation Third-party risk management Business continuity planning Senior level Training Cross-functional collaboration Incident response implementation Tribal law & regulations Vendor risk management Cross-functional communication Internal audits IT security monitoring IT disaster recovery planning

Full Job Description Position Summary:

The Director, Information Security & Compliance establishes and leads the enterprise information security vision, strategy, and program to ensure the confidentiality, integrity, and availability of all digital assets across Graton Resort & Casino, FIGR Tribal government, and Tribal Gaming Commission, while maintaining a seamless guest experience in a highly regulated environment. The role ensures compliance with gaming regulations, privacy laws, and industry standards across casino systems, payment platforms, and guest-facing technologies. This position also safeguards Tribal assets and sovereignty, partnering closely with Tribal leadership, Gaming Commissions, and federal agencies to drive secure innovation and uphold trust.

Essential Functions:

1. Responsible for redefining hospitality at Graton Resort & Casino while living, supporting, and promoting our values. 2. Perform responsibilities in accordance with all Graton Resort & Casino standards, policies, and procedures. 3. Develop and execute a comprehensive cybersecurity strategy aligned with business goals, regulatory requirements, and guest experience priorities across the Graton Enterprise (this includes Graton Resort & Casino, FIGR Tribal government, and Tribal Gaming Commission). 4. Establish security policies and risk management frameworks consistent with Tribal Gaming Commission (TGC) regulations, NIGC guidelines, and industry standards (e.g., NIST). 5. Serve as the primary security liaison for executive leadership, Tribal Council, audit committees, and regulatory bodies. 6. Ensure cybersecurity compliance with gaming regulators, PCI, SOX, privacy laws, and internal policies. 7. Oversee secure management of systems and data including gaming systems, digital wallets, loyalty tools, and financial transaction platforms by developing and reviewing policies, SOPs, and internal auditing. 8. Build and lead a 24/7 security operations function with robust monitoring, threat detection, and rapid incident response capabilities. 9. Establish and test incident response playbooks integrated with business continuity and disaster recovery, including Tribal emergency coordination. 10. Safeguard sensitive personal data, payment systems, and identity management across hotel, casino, and online touchpoints; manage vendor risk and third-party/cloud security practices. 11. Champion a proactive cybersecurity culture through training, awareness, and certification programs; partner with cross-functional teams to enable secure digital innovation. 12. Stay current with gaming laws/regulations, auditing techniques, and IT trends; continuously review processes to align with best practices; perform other duties as assigned. 13. This job description is not an exclusive or exhaustive list of all job functions that a team member in this position may be asked to perform from time to time. Duties and responsibilities may be changed, expanded, reduced, or delegated by Management to meet the business needs of the property.