Summary of the role
The primary responsibility of the Governance Analyst is to perform duties in one or more of the following areas: vulnerability management, cyber data governance, risk and verification, cyber policy/standards/standard operating procedures development, and penetration testing and red teaming. All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures.
Job Scope
This Analyst is expected to perform within the areas of at least one of the following:
- Cyber governance, risk and verification which performs risk assessments, system security and industrial control system zone security plans including listing controls, gaps in implemented controls and tracking remediation of gaps, and provides input to the risk register
- Network and Operating Systems Security Configuration assessment which performs security configuration reviews including hardening controls, firewall rules review, web/application security configurations
- Penetration testing and red teaming which includes performing security testing to identify security vulnerabilities on LVSC applications and environment, providing recommendations for remediation, and tracking and remediating found issues.
- Cyber policy/standard and standard operating procedure creation, review, distribution, and maintenance
- Vulnerability management which includes successfully scanning the LVSC computing environment for secure configurations and vulnerabilities, researching and eliminating false positives, tracking and remediating found issues, and tracking and performing the exception processes
- Performs other related duties as assigned.
Job Requirements
- Minimum diploma with at least 5 - 8 years cyber security hands-on experience in one or more of the areas listed in place of a degree.
- Preferrable to have a current and in good standing CISSP or similar certification, and Offensive Security (OSCP, OSWE, OSEP) or Crest (CRT, CCT) certifications
- Demonstrated experience in at least 1 area in the following list:
- Cyber Vulnerability Management
- Cyber Governance, Risk and Verification
- Cyber Policy/Standard/Standard Operating Procedures
- Cyber Penetration Testing and Red Teaming
- Working knowledge of threats and vulnerabilities and their significance to cyber risk, network operations, and end-point security
- Strong interpersonal skills with the ability to communicate effectively with guests and other Team Members of different backgrounds and levels of experience.
Marina Bay Sands is committed to building a diverse, equitable and inclusive workforce, providing equal opportunities as we grow our talent base to match our growth ambitions in Singapore. Our employees are committed to adhere to and abide by all rules, regulations, policies and procedures, including the rules of conduct and business ethics of the Company.
