3-5 years of experience
Concerned about your lack of experience? Learn More...
Employment Type:
Full time
Job Category:
Information Services
See more jobs for students and recent grads who studied:
Governance, Risk and Verification Analyst
LAS VEGAS SANDS CORP. | Las Vegas, New Mexico
Tell Us More About Your Job Preferences
By telling us what you think of this job, we can help find jobs that match your interests. If you want to see more jobs like this, click on the smiley face. Or if this job isn't what you are looking for, click the frowny face. Learn More...

Follow This Company

Job Description

Position Overview

The Governance, Risk, and Verification(GRV) Analyst provides technical and business support to the Global Cyber Security Team for risk management tools and processes at all LVSC properties. This role is tasked with implementing, and maintaining the risk management tools.  The GRV Analyst will create and maintain all of the processes and procedures for the use of the tools.  This position is considered the subject matter expert (SME) for the risk management tools and all of the processes and procedures that support them. All duties are to be performed in accordance with departmental and Las Vegas Sands Corp.’s policies, practices, and procedures.  

Essential Duties & Responsibilities

Key Performance Objectives


  • This position will be part of the team that is responsible for establishing and maintaining an enterprise GRV vision, strategy, and program.


Key Responsibilities


  • This SME will work with the Cyber team members and IT to design, deploy, configure and maintain Governance, Risk, and Verification hardware, software, and processes, including:



  • Functional and technical requirements gathering and documentation.
  • Workflow creation and documentation.
  • Coordinate the design of technical and documentation feeds to the tool.  Must have experience with data feeds/ APIs, Data Driven Events, and configuration for data feeds.
  • Tool deployment testing – user, functional, and technical testing.
  • Project management skills including regular status reporting in accordance with the direction given by the Executive Director Governance and Risk.
  • Create and communicate the processes and procedures that are internal to the team and to external tool users.
  • Create, test, and deploy tool training in coordination with the Cyber Training Sr. Manager.
  • Create and report project progress metrics.
  • Track and follow-up on all due dates for risk cycle activities.
  • Responsible for on-going support of the tool, and maintenance of all documentation pertaining to the tool and its use.
  • Performs other related duties as assigned


Additional Duties & Responsibilities

Additional Duties & Responsibilities

Minimum Qualifications

  • Bachelor’s degree or equivalent work experience
  • 2+ years’ experience in risk management is required.
  • 2+ years’ experience in designing, deploying, and using a GRV solution is required.
  • CISSP or GISP certification.  5 years’ experience in a combination of Information Technology (IT) and Information Security (Cyber) operations experience or 5 years’ experience in Cyber Operations can be substituted for the certifications.
  • Knowledge and experience in cyber systems, network domain structures, identity management, security architecture, incident response, privacy and data protection, network, website, application, database, and operating systems security, and wireless networking.
  • Strong understanding of Configuration Management Database (CMDB) and IT asset management.
  • Experience with Microsoft server 2012, Microsoft SQL server and databases, XML/XSLT.
  • Knowledge and experience with the ISO 27000/NIST/SOX/PCI series Information Security family of documents.
  • Experienced in Cyber end-to-end governance of risk, including assessments, methodologies, mitigations, risk register.
  • Experienced in verification of cyber risk mitigation.
  • Experienced in reporting and explaining risk to audiences that possess varied levels of understanding.
  • Use of state-of-the-art Governance, Risk, Compliance (GRC) tools such as, EMC/RSA Archer, or IBM OpenPages.
  • Knowledge of industry, federal, state, and international cyber regulations and their compliance.  Including:
    • PCI DSS
    • GLBA
    • Sarbanes-Oxley
    • HIPAA/HiTech
    • EU and other global PII laws and directives.
  • Business Analyst experience a plus.
  • Interface with business and IT stakeholders and serve as support for the program.
  • Ability to build trust with customers and stakeholders.
  • Strong organizational and time management skills, customer service focus, attention to detail, and process orientation.
  • Ability to distill and present information to the business community in non-technical terminology.
  • Flexibly to adapt to a changing environment.
  • Ability to set priorities, meet deadlines and manage projects.
  • Self-motivated with the ability to execute direction from the Executive Director of Governance and Risk.
  • Strong negotiating skills with IT, Business and Audit personnel.
  • Ability to work independently on special projects.
  • Participate in incident response as needed.
  • 21 years of age
  • Ability to read and communicate effectively in standard English in written and oral business communications
  • Regular and reliable attendance is an essential function of the job
  • Proof of authorization to work in the United States

Work Environment

  • Perform a variety of duties, often changing from one task to another of a different nature, with frequent interruptions or distractions
  • Adapt to frequent changes in workload and be able to adjust priorities quickly as circumstances dictate while completing tasks within established time frames
  • Ability to establish and maintain cooperative working relationships with fellow Team Members, management, outside contacts, guest and the public
  • Ability to meet the basic physical requirements of an office environment including moving freely and frequently about an office, accessing computers and related technologies using peripheral equipment and operating other office equipment


Las Vegas Sands Corp (LVSC) owns and operates The Venetian Resort Hotel Casino (The Venetian Las Vegas), The Palazzo Resort Hotel Casino (The Palazzo) and The Sands Expo and Convention Center (the Sands Expo Center) in Las Vegas, Nevada, and the Sands Macao, The Venetian Macao Resort Hotel (The Venetian Macao) and the Four Seasons Hotel Macao, Cotai Strip (the Four Seasons Macao) in Macao, People's Republic of China (China). The Company is creating a master-planned development of integrated resort properties, anchored by The Venetian Macao. In addition, the Company is developing Marina Bay Sands, an integrated resort in Singapore, and Sands Casino Resort Bethlehem (the Sands Bethlehem), an integrated resort in Bethlehem, Pennsylvania. (Source: 10-K)

This company profile was created by AfterCollege and is about LAS VEGAS SANDS CORP.. This page is not endorsed by or affiliated with LAS VEGAS SANDS CORP.. For questions regarding company profiles, please email: care@aftercollege.com.