
DIRECTOR, IT SECURITY & COMPLIANCE
Graton Resort & Casino, Rohnert Park, CA, United States
Overview
The Director, Information Security & Compliance establishes and leads the enterprise information security vision, strategy, and program to ensure the confidentiality, integrity, and availability of all digital assets across Graton Resort & Casino, FIGR Tribal government, and Tribal Gaming Commission, while maintaining a seamless guest experience in a highly regulated environment. The role ensures compliance with gaming regulations, privacy laws, and industry standards across casino systems, payment platforms, and guest-facing technologies. This position also safeguards Tribal assets and sovereignty, partnering closely with Tribal leadership, Gaming Commissions, and federal agencies to drive secure innovation and uphold trust.
Essential Functions
- Responsible for redefining hospitality at Graton Resort & Casino while living, supporting, and promoting our values.
- Develop and execute a comprehensive cybersecurity strategy aligned with business goals, regulatory requirements, and guest experience priorities across the Graton Enterprise (this includes Graton Resort & Casino, FIGR Tribal government, and Tribal Gaming Commission).
- Establish security policies and risk management frameworks consistent with Tribal Gaming Commission (TGC) regulations, NIGC guidelines, and industry standards (e.g., NIST).
- Serve as the primary security liaison for executive leadership, Tribal Council, audit committees, and regulatory bodies.
- Ensure cybersecurity compliance with gaming regulators, PCI, SOX, privacy laws, and internal policies.
- Oversee secure management of systems and data, including gaming systems, digital wallets, loyalty tools, and financial transaction platforms, by developing and reviewing policies, SOPs, and internal auditing.
- Build and lead a 24/7 security operations function with robust monitoring, threat detection, and rapid incident response capabilities.
- Establish and test incident response playbooks integrated with business continuity and disaster recovery, including Tribal emergency coordination.
- Safeguard sensitive personal data, payment systems, and identity management across hotel, casino, and online touchpoints; manage vendor risk and third-party/cloud security practices.
- Champion a proactive cybersecurity culture through training, awareness, and certification programs; partner with cross-functional teams to enable secure digital innovation.
- Stay current with gaming laws/regulations, auditing techniques, and IT trends; continuously review processes to align with best practices; perform other duties as assigned.
- This job description is not an exclusive or exhaustive list of all job functions that a team member in this position may be asked to perform from time to time. Duties and responsibilities may be changed, expanded, reduced, or delegated by Management to meet the business needs of the property.