“Incumbent serves as the Chief Information Security Officer (CISO) for the National Indian Gaming Commission (NIGC) and leads the Cybersecurity program within the Division of Technology (DoT) under the Office of the Chief of Staff. The DoT provides the agency with Information Technology (IT) services across eight regional offices and conducts IT and Criminal Justice Information Services (CJIS) audits, vulnerability assessment services, and technical operations and assistance to external and internal stakeholders. The Division also processes Freedom of Information Act (FOIA) requests and is responsible for Privacy Act and Records Management compliance for the agency. This CISO develops and implements cybersecurity strategies and policies for the agency.18
- The CISO provides leadership and guidance for the Division of Technology in all information security matters to include managing and maintaining awareness of current IT threats and vulnerabilities impacting agency users and staff. Develops, through consultation with the agency leadership, the strategic direction on cybersecurity policy and guidance for all information processing standards and communication systems for the agency.
- Implements and maintains the NIGC cybersecurity program involving the full range of policy development, information security training, and security enforcement and monitoring of NIGC information technology systems. Supports the enterprise vision and strategy to ensure information assets are identified and systems are adequately protected.
- Oversees the design, deployment, and maintenance of security controls implemented in IT systems essential for supporting the NIGC mission and statutory requirements of the Indian Gaming Regulatory Act and NIGC Regulations. Provides expert analysis, advice, and recommendations to NIGC leadership on securing tribal gaming technology. Assists in the development of information technology regulatory control standards for the Indian gaming industry as it relates to information security and cybersecurity.
- Develops guidelines for implementing broad agency-wide directives and makes decisions or recommendations that significantly influence important agency IT policies. Aligns agency internal business practices with government-wide regulations and policy.
- Ensures the agency is in compliance with OMB Circular A-130, FISMA, the agency’s IT Security Plan, Executive Presidential orders on cybersecurity and other applicable regulations, policies and procedures.
- Cybersecurity program duties include development of security policies, standards, architecture, practices and procedures compliant with all applicable policies, rules, regulations and laws; ongoing testing and accreditation of security practices and systems; administration and support for operational security systems; independent assurance of program-wide compliance; and security monitoring and incident response management. Ensures reporting of security program performance, cost tracking, and periodic status presentations to senior leadership.
- Maintains contact with manufacturers, professional groups, and user groups to ensure that the agency has knowledge of efficient, economical information handling capabilities. Provides oversight and promotes the use of innovative technologies using secure, risk-based methodologies to ensure that information and records are secure, properly managed, and readily accessible.
- Establishes cybersecurity baselines and standards for all NIGC operating systems, security architecture, cyber risk and intelligence, data loss and fraud prevention techniques, identity and access management protocols, and communication platform services.