Internal Audit

About NRT

NRT is one of the 50 Best Managed Companies, and we're looking for a dynamic candidate who is motivated and passionate about working for a FinTech leader

NRT provides next-generation commerce and information-enabling experiences for enterprise customers around the world. Our solutions include secure payment systems, specialized financial and marketing kiosks, AML compliance tracking and reporting tools, digital gamification and mobile experiences, intelligent table game platforms, credit/marker information services and electronic marker solutions. We work with hundreds of casinos throughout North and South America, Asia and beyond.

We offer a competitive salary, group benefits (health, vision, dental and life insurances), career advancement opportunities, and an exciting environment. Individual and creative contributions to our company objectives are highly encouraged and recognized. You can read more about us at:

Reporting directly to SVP, IT Infrastructure and their designates, the Internal Audit & Compliance Specialist will be a key member of Security and Compliance team to analyze, assess and design effective security controls to help achieve PCI compliance, privacy compliance, and to improve enterprise-wide security.

Core Responsibilities

• Develop methods to monitor and measure risk, compliance, and assurance efforts
• Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
• Draft statements of preliminary or residual security risks for system operation
• Maintain information systems assurance and accreditation materials (PA-DSS, PCI-DSS, SOC, ISO27001 etc.)
• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements
• Assess the effectiveness of security controls
• Perform reviews, identify gaps in software architecture, and develop a risk management plan
• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy
• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change
• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks
• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations

Qualifications

• 5+ years' experience in Information Security and performing compliance assessments
• Master's degree in information security or equivalent
• 5+ years' experience of Level-1 assessment experience with solid understanding of PCI-DSS and PA-DSS
• Proven experience with Information Security Management System (SOC2 Type 2, ISO 27001)
• Experience with Cryptography
• One of the certifications: CSSLP, CASE, GSSP, GWEB, CEH, OSCP, PenTest+ or GPEN
• Experience with network architectures and network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations
• Experience with audit experience for cloud computing environments (e.g., AWS, MS Azure, Google Cloud)
• Experience with IT security principles and methods (e.g., firewalls, DMZ, encryption)
• Experience with cyber defense and vulnerability assessment tools, including open source tools, and their capabilities (Nexpose, Nessus etc.)
• Hands-on experience with penetration testing tools (Metasploit, Nessus etc.)
• Knowledge of Risk Management Framework (RMF) requirements
• Ability to work collaboratively with key stakeholders and other team members
• Excellent time management, written documentation, and oral presentation skills

Certifications (at least one from each group below)

• Current PCI-QSA or PCI-ISA qualification
• Information Security: CISSP, CISM, ISO 27001 LI, RISS, CRISC
• Audit: CISA, GSNA, ISO 27001 LA/IA, IRCA ISMS Auditor, IIA CIA

This is an existing vacancy. The base salary range for this role listed is based on market indicators to determine compensation, and an offer will consider various factors including experience, qualifications, skills, and training. Our comprehensive and competitive benefits package includes medical, dental and vision insurance for employees and their family, paid time off, and a variety of other perks.

NRT is an equal opportunity employer and does not use AI within its hiring process in most cases. In a case where AI is utilized to assess a candidate during the process, an advanced notice will be provided. It is NRT's policy to recruit and select applicants for employment solely on the basis of their qualifications, with emphasis on selecting the best-qualified person for the job. NRT does not discriminate against applicants based on race, color, religion, sex, sexual orientation, national origin, or disability or any other status or condition protected by applicable law. NRT welcomes and encourages applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.

NRT would like to thank all applicants for applying, but only those applicants best suited for the position will be contacted.