|Preferred GIAC Certifications||GMON|
The Cybercrime Manager works as a member of the Security management team to provide cybercrime expertise for the Lottery which includes evaluating cybercrime threats and ensuring the fairness, integrity, security, and honesty of the Lottery. This position will work collaboratively with Information Security in evaluating threats and creating mitigations for those threats. The position will also manage the security review of vendors, manage and develop the Security Review Program, and oversee the security of Lottery games by ensuring compliance with MUSL standards.
Under general direction from the Assistant Director of Security, this position requires the ability to work independently, in a consultative role on project teams, and in partnership with the IT Security team and other teams throughout the organization to develop and effectively management the Enterprise Security Program. Work is guided by established security standards and procedures, industry best practices, enterprise risk management, Lottery policies and procedures and direction from the Assistant Director of Security. The position researches, recommends and implements business solutions that ensure the Lottery’s mission as it relates to gaming system security and integrity is maintained while also meeting complex business needs in the most efficient manner. The position exercises leadership on enterprise and department projects for Enterprise Security Program objectives through effective use of technical, team coordination and collaboration, and documentation skills.
PRINCIPAL ACCOUNTABILITIES (*ESSENTIAL FUNCTIONS):
1. *Apply Lottery Management Core Values and Expectations in performing daily activities. Ensure conduct embodies the principles of fairness, integrity, security, and honesty. Support and integrate into the work the Lottery’s commitment to:
o Responsible Gambling
o Diversity, Equity, and Inclusion
o Culture of Safety
2. *Provide cybercrime expertise to ensure the Enterprise Security Program takes such threats into consideration.
Participate on project teams to evaluate programs related to the Enterprise Security Program, with a broad organization wide view while ensuring projects are in alignment with Lottery risk tolerance. Provide input on cybercrime threats and make recommendations to mitigate possible cybercrime concerns. Develop, recommend, and implement business initiatives necessary to safeguard Lottery facilities and personnel from cybercrime threats and to assure the fairness, integrity, security and honesty (FISH) of Lottery business operations. Continually develop skills and knowledge in cybercrime best practices and associated technologies.
3. *Review and perform threat analysis on cybercrime incidents. Collaborate with IT and others on protections and mitigations for threats.
Perform cybercrime threat assessments from an organization wide perspective. Review vulnerability and threats related to Lottery employees, vendors, players and retailers. Act as the subject matter expert from the investigative perspective in the review and management of cybercrime incidents and escalate critical incidents to management. Related to cybercrime, identify obvious threats as well as false-positives and perform necessary incident response and root cause analysis. Coordinate incident response activities as appropriate.
In partnership with IT Security provide oversight of forensic activities in support of cybercrime incidents. Develop and implement procedures to streamline, automate and document tasks and processes. Collect and document forensic artifacts to support the investigative effort. Conduct interviews of those people involved in an event or incident. Develop and maintain procedures on proper evidence collection and retention. Maintain awareness of potential cyber-attack technologies, methods and signatures.
Develop, maintain and review organization wide cybercrime metrics including trends and collaborate with IT and other business owners to identify needed technology or process enhancements. Update assigned metrics associated with cybercrime controls.
4. *Manage cyber security review of vendors.
Review cyber health of vendors during the background investigation process. Collaborate with Information Security on vendor expectations for vendor IT security controls. Provide ongoing review of vendors cyber health throughout their contract with Lottery. Provide findings and recommendations to the AD of Security about possible concerns.
5. *Manage and develop maturity of Security Review Program.
Manage the Security Review Program including the review of potential security issues and establish a participatory problem-solving process with the management team to effect resolutions. Review the IT Security Program Plan for alignment with the Security Review Program and work with IT to ensure effective integration between the plans. Track and monitor for compliance. Ensure manuals relevant to security and emergency operations are kept current and accessible. Ensure that procedures are clear and documented. Support the development of the Security Department Strategic Plan, gather and analyze activity statistics and quality of service information. Develop quarterly report-out for AD of Security.
6. *Oversee Security in the Lottery games and adherence to MUSL standards.
Define security requirements for gaming systems. Review contracts to ensure security concerns are addressed. Oversee all drawing related activities including the Lockdown Alternative to ensure processes are being followed and MUSL standards are being met. Review recommendations and provide input Assistant Director of Security. Provide security input, analysis and/or research when requested for any possible security problems/concerns that may come up with the gaming system and VLT system, equipment and games.
7. *Manage assigned staff.
Set clear performance expectations for staff, provide training, complete timely performance reviews, hire new staff, coach, counsel, and discipline staff in accordance with Lottery policy and procedure, meet with direct reports on a regular basis to ensure instructions are understood, recognize individual effort, correct the course if required, and evaluate overall program effectiveness.
8. *Provide technical guidance and support to Lottery staff and customers.
Collaborate with Information Security on the Security Awareness and Training Program to ensure Cybersecurity threats are adequately considered in the program and associated trainings/campaigns.
9. Perform other duties as assigned.
10. Required to carry a mobile device and provide on-call support related to cyber security incident response during business and non-business hours.
The Cybercrime Manager interacts with all levels of Lottery staff, vendors, and customers to perform essential job duties. This is done in person, by telephone or through electronic and written communications.
Work is typically performed in an office environment with occasional work in a vendor, retailer, or data center environment. Occasionally required to move up to 30 pounds of equipment. Typically works under time frames that can result in a stressful work situation. Occasional travel required for vendor visits, training purposes or retailer visits. Assignments may require travel in inclement weather and unpredictable road conditions. Vital to be available to respond after hours based on Lottery needs.
A Bachelor’s degree and five (5) years of cybercrime experience and at least five years of law enforcement experience. Prior supervisory experience is required; OR
An Associate’s degree and six (6) years of cybercrime experience and at least five years of law enforcement experience. Prior supervisory experience is required.
GIAC Security Certification preferred
• Demonstrated skill in investigating and recovering from a cyber incident.
• Ability to research attack patterns and understand an attacker’s Tactics, Techniques and Procedures.
• Demonstrated skill to provide expert investigative support for security incidents.
• Ability to use online sources for reliable analysis of emerging threats
• Ability to work with IT security teams to design new controls and procedures to prevent future occurrences of common threats.
• Ability to define and continuously improve processes to enhance efficient threat hunting operations.
• Demonstrated skill and experience with cybercrime/ cybersecurity principles, industry standards and best practices.
• Demonstrated technical lead / project leader experience in planning, implementing, and supporting cyber security tools.
• Demonstrated skill in effective written and verbal communication.
• Demonstrated skill in obtaining results by influencing and coordinating the work of other staff.
• Experience in developing and maintaining standards, procedures and technical documentation associated with cyber security controls.
• Demonstrated skill effectively coordinating work on multiple and diversified tasks while working with conflicting priorities and deadlines.
• Ability to anticipate, identify and manage cybercrime or other issues that may adversely impact Lottery operations or projects.
• Ability to balance business requirements and security risks
• Ability to learn and work within specific rules, regulations, policies and standards.
• Demonstrated skill in diplomacy and negotiation.
• Demonstrated skill in team building.
• Demonstrated skill in budgeting.
• Demonstrated skill in managing change.