Internal Audit & Compliance Specialist

About NRT At NRT, we build more than solutions: we build up each other. NRT is a worldwide leader in future-ready FinTech and Information Technology designed to elevate and enhance the enterprise gaming industry. Our next-generation solutions encompass every aspect of the modern integrated resort, including secure payment systems, AML compliance and reporting tools, credit information and electronic marker services to intelligent and engaging table game platforms, dynamic financial and marketing kiosks, and our completely customizable digital gamification and mobile experiences. NRT has acquired JOINGO®, a revolutionary resort app engagement platform dedicated to unifying guest experiences, offering a seamless experience from booking to checkout through App Builder, which has more than 100 third-party integrations which are unmatched in the industry. Our strategic partnerships have resulted in the most convenient, reliable, and secure omni-channel payment ecosystem in the industry. Our collective solutions are used by casinos, race and sports operators, lotteries, banks, and retailers-- globally-- to dazzle their guests. We’re dedicated to building a better future for all, including environmental initiatives designed to reduce our carbon footprint. Some of our actionable initiatives include utilizing green energy, digitizing our internal processes, and implementing our unique cashless solutions. NRT believes in the value of connection and community. We believe that our diversity in skills and background make us a unique and formidable culture. Additionally, we believe in encouraging the growth of individual development, and recognize that our success depends on developing each other. We know that to be the innovative FinTech leader that we are, it’s all hands on deck. NRT knows that to stand firm, we need to stand together.  Our innovative products and success allow us to reward you with competitive salaries, paid time off, individual growth plans, community sharing, collaboration, Health Benefits (including medical, vision, dental, EAP, etc) and more.  NRT has metrics designed to get you to where you want to be in your career, and we are your biggest advocate for professional development. We provide training, product knowledge demos, tiered-lever skill building, development workshops, teambuilding exercises, webinars, collaboration, and more. Joining NRT is more than a job: it’s an opportunity to grow and discover. To learn more about who we are and what we do, visit our website at www.nrttech.com.  Reporting directly to SVP, IT Infrastructure and their designates, the Internal Audit & Compliance Specialist will be a key member of Security and Compliance team to analyze, assess and design effective security controls to help achieve PCI compliance, privacy compliance, and to improve enterprise-wide security. Core Responsibilities Develop methods to monitor and measure risk, compliance, and assurance efforts Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level Draft statements of preliminary or residual security risks for system operation Maintain information systems assurance and accreditation materials (PA-DSS, PCI-DSS, SOC, ISO27001 etc.) Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements Assess the effectiveness of security controls Perform reviews, identify gaps in software architecture, and develop a risk management plan Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations Qualifications 5+ years’ experience in Information Security and performing compliance assessments Master’s degree in information security or equivalent 5+ years’ experience of Level-1 assessment experience with solid understanding of PCI-DSS and PA-DSS Proven experience with Information Security Management System (SOC2 Type 2, ISO 27001) Experience with Cryptography One of the certifications: CSSLP, CASE, GSSP, GWEB, CEH, OSCP, PenTest+ or GPEN Experience with network architectures and network device (Firewalls/ Switches/ Routers/ IDS/IPS/ Load Balancers etc.) and Servers/ Virtualization Devices configurations Experience with audit experience for cloud computing environments (e.g., AWS, MS Azure, Google Cloud) Experience with IT security principles and methods (e.g., firewalls, DMZ, encryption) Experience with cyber defense and vulnerability assessment tools, including open source tools, and their capabilities (Nexpose, Nessus etc.) Hands-on experience with penetration testing tools (Metasploit, Nessus etc.) Knowledge of Risk Management Framework (RMF) requirements Ability to work collaboratively with key stakeholders and other team members Excellent time management, written documentation, and oral presentation skills Certifications (at least one from each group below) Current PCI-QSA or PCI-ISA qualification Information Security: CISSP, CISM, ISO 27001 LI, RISS, CRISC Audit: CISA, GSNA, ISO 27001 LA/IA, IRCA ISMS Auditor, IIA CIA This is an existing vacancy. The base salary range for this role listed is based on market indicators to determine compensation, and an offer will consider various factors including experience, qualifications, skills, and training. Our comprehensive and competitive benefits package includes medical, dental and vision insurance for employees and their family, paid time off, and a variety of other perks. NRT is an equal opportunity employer and does not use AI within its hiring process in most cases. In a case where AI is utilized to assess a candidate during the process, an advanced notice will be provided. It is NRT’s policy to recruit and select applicants for employment solely on the basis of their qualifications, with emphasis on selecting the best-qualified person for the job.  NRT does not discriminate against applicants based on race, color, religion, sex, sexual orientation, national origin, or disability or any other status or condition protected by applicable law. NRT welcomes and encourages applications from people with disabilities.  Accommodations are available on request for candidates taking part in all aspects of the selection process. NRT would like to thank all applicants for applying, but only those applicants best suited for the position will be contacted.