Chief Information Security Officer

Commonwealth of Massachusetts
Boston, MA, United States

Effective January 25, 2024, Executive Order #627 cements the Commonwealth's well-established practice of skills-based hiring, paving the way to a more equitable hiring process.

The Commonwealth is committed to ensuring a diverse and inclusive workplace where all employees feel respected, valued, and empowered to serve our citizens. Join us today!

Job Description - Chief Information Security Officer (24000601)

Description

About the Organization:

The Executive Office of Economic Development (EOED) is a Secretariat within the executive branch of the Commonwealth responsible for directing and executing the Governor’s agenda on economic, community and business development, job creation, consumer affairs, and business regulation.

EOED is committed to creating and sustaining a work culture that is welcoming, inclusive, and mutually respectful to all its employees regardless of race, color, age, creed, religion, national origin, ethnicity, sex, gender identity or expression, sexual orientation, genetic information, veteran, or disability status.

We strive to reflect diversity in all facets and levels of our agency. EOED values inclusiveness and diversity within their employee and management teams.

Within our community we strive to create and maintain working and learning environments that are inclusive, equitable, and welcoming.

EOED is committed to ensuring a diverse and inclusive workplace where all employees feel respected, valued, and empowered to maximize their skills and talents to serve our citizens.

About the Role:

Reporting to the Secretariat CIO, the Chief Information Security Officer (CISO) position requires an energetic visionary leader who can shape the direction of the cyber program and directly lead program execution.

The ideal candidate is a people and thought leader, having significant operational and technology risk management experience.

The CISO serves as the process owner of all assurance activities related to the confidentiality, integrity, and availability of constituent, third-party vendor, employee and business information in compliance with the organization’s information security policies.

The CISO is responsible for management and oversight of all security related operations relative to EOED’s cloud services, hardware and software, compliance, IT audit, business continuity and disaster recovery and security operations, including end point security for approximately 700 employees within EOED.

The CISO is responsible for overseeing security related cloud operations within the AWS and Azure Cloud environments to ensure that systems, software and application vulnerabilities are scanned and remediated.

The ideal candidate is experienced and well versed in cyber security operations and strategies and handles the day-to-day operations of the IT Security and Compliance Program, working closely with partner agencies and IT staff.

Duties vary and will include working with the Secretariat Chief Information Officer and the Commonwealth’s CISO to provide security oversight and management of critical systems that support agency business operations that include over 100 applications and 700 internal staff.

This individual will lead security operations and assist business stakeholders, internal staff, program managers, and working groups to increase security posture and track all security related operations and programs.

While this position reports directly to the Secretariat Chief Information Officer (SCIO), it has a dotted-line reporting relationship to the Commonwealth’s CISO and a close working relationship with senior EOED IT management to oversee all security related programs, plans and projects.

As a member of the EOED IT management team, you will be responsible for the development and implementation of strategic security and data initiatives that support the mission of the EOED, the IT Strategic Plan, and the alignment with the security initiatives and directives set forth by the Executive Office of Technology Services and Security (EOTSS).

The current primary work location for this role will be 1000 Washington Street, Boston, Massachusetts 02118. The work schedule for this position is Monday through Friday, 9:00AM to 5:00PM EST.

This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed.

Occasional travel to local EOED offices may be required.

Duties and Responsibilities (these duties are a general summary and not all inclusive):

  • Align with and adhere to the information technology strategy as defined by secretariat IT and business leadership and in conjunction with EOTSS Security Policies and Guidelines and develop and implement procedures, management controls, and security best practices for all aspects of EOED’s computing environment.
  • Lead the management of the EOED Security and Compliance Program including all aspects of the technology and process to create a best in breed cyber security program that aligns with IT goals and strategy.
  • Manage all processes related to incident response, periodic review of access rights and application vulnerability rating and tracking.
  • Provide security, management and oversight of cloud-based servers and services in AWS and Azure to ensure that security vulnerabilities are remediated and that supported applications meet all security protocols and standards including developing a modernization roadmap for unsupported technology, the oversight of application pen tests and remediation efforts and working closely with third-party vendors and partners.
  • Provide management and oversight of the cyber security program to ensure that security threats are discovered, mitigated and remediated; develop security and awareness training materials and communications to a broad staff audience.

  • Liaise with and work closely with IT leadership, including EOTSS, partners and cross-secretariat CISOs to further develop enhancements to the cyber security landscape in alignment with the EOTSS and EOED IT strategic plan.
  • Oversee and facilitate business continuity, high availability and disaster recovery discussions and exercises for all EOED agencies and ensure that plans are developed and tested annually.
  • Develop and provide management oversight of data privacy and data governance policies and controls, including facilitation of the development of a secretariat wide data practice group to identify, catalog and protect sensitive data.
  • Participate in CISO Council Committee meetings and related cyber security activities.
  • Support the technical needs of the programs as they relate to security to ensure that business applications and AWS servers do not introduce security vulnerabilities.

Knowledge, Skills and Abilities:

  • Six (6) plus years of relevant full-time experience in Information Technology with focus on Networking, Infrastructure, and Security and Risk Management.
  • Minimum of two (2) years of leadership experience demonstrating outstanding team coaching and mentoring skills, and contributing to the overall build out of relevant programs and practices.
  • Minimum of one (1) year of people or project management experience.
  • Ability to communicate effectively both orally and in writing and operate effectively in a hybrid telework environment.
  • Hands-on experience with the following skillsets and technologies:
    • Network topology (LAN/WAN), including TCP/IP, DHCP, DNS.
    • Security Monitoring Tools and configurations, including Tenable.
    • PC and Server Hardware.
    • Cloud storage and backup/recovery operations and mitigation planning.
    • Azure and AWS Cloud, including serverless environments; RDS, EC2, S3.

Preferred Knowledge, Skills, and Experience:

  • Experience or knowledge of public sector or non-profit industry policies and procedures.
  • Experience with project, contract, and vendor management.
  • Interactive and relationship-building skills with an ability to effectively present information and respond to questions from government leadership, consultants, and internal stakeholders.
  • Ability to work independently and in a team-based project management environment.
  • Ability to perform effectively in a fast-paced environment.
  • The preferred candidate is an enthusiastic, self-directed, creative problem-solver who is passionate about cyber security and risk management.
  • Must have strong computer skills in standard productivity software (Excel, Word, PowerPoint, etc.).
  • The preferred candidate will have some experience with innovative technology, such as Tableau and / or PowerBI tools.

All applicants should attach a cover letter and resume to their online submission for this position.

Qualifications

MINIMUM ENTRANCE REQUIREMENTS:

Applicants must have at least (A) six (6) years of full-time, or equivalent part-time, professional, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management of which (B) at least two (2) years must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.

Substitutions:

I. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience.

II. A Bachelor's degree in a related field may be substituted for two (2) years of the required (A) experience.

III. A Graduate degree in a related field may be substituted for three (3) years of the required (A) experience.

IV. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.

When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package.

We take pride in providing a work experience that supports you, your loved ones, and your future.

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law.

Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements.

We encourage individuals who believe they have the skills necessary to thrive to apply for this role.

Primary Location: United States-Massachusetts-Boston - 1000 Washington St

Information Systems and Technology

Agency: Exec Office of Economic Development

Schedule: Full-time

Shift

Job Posting

Number of Openings

Salary: 95,982.38 - 115,000.00 Yearly

If you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator: Tiana Rossi - 6177883610

Bargaining Unit: M99-Managers (EXE)

Confidential: No

Potentially Eligible for a Hybrid Work Schedule: Yes
