Massachusetts Veterans Jobs

Job Information

State of Massachusetts Chief Information Security Officer in Chelsea, Massachusetts

Overview

A&F IT is a unit under the Executive Office for Administration & Finance (A&F) that is overseen by the A&F IT Chief Information Officer (A&F CIO). A&F IT comprises 186 employees working on IT systems and applications for 15 A&F agencies. Information regarding these supported agencies is available at https://www.mass.gov/orgs/executive-office-for-administration-and-finance (see section on “Related Organizations”).

A&F IT is seeking a highly motivated, experienced professional with a background in IT to serve as its Chief Information Security Officer (CISO). The CISO will be a member of A&F IT’s senior team and report to the A&F CIO. The CISO will manage a staff of 5-7 individuals.

The CISO will ensure the confidentiality, integrity and availability of information by communicating risk; creating and maintaining enforceable policies supporting processes; and ensuring compliance with regulatory requirements. The CISO will coordinate security-related activities with A&F IT-supported agencies. Activities include the evaluation, procurement and deployment of security-related products and the development and coordination of security awareness, disaster recovery and incident response plans.

Specific responsibilities include:

  • Exercising strong leadership, while ensuring resources are appropriate, have adequate tools and work in a cohesive and professional manner.

  • Maintaining IT standards, documentation and support in alignment with Commonwealth IT policies and procedures.

  • Implementing a security control framework across supported agencies.

  • Collaborating with the Executive Office of Technology Services and Security (EOTSS) on strategic initiatives and security operations.

  • Developing communication strategies and building professional relationships with security peers across the Commonwealth.

  • Developing, initiating, maintaining and revising security policies and procedures.

  • Monitoring emerging technologies for potential impacts to operations and long-term strategy.

  • Coordinating risk management and internal audit to direct compliance issues to appropriate reviewing bodies.

  • Identifying potential areas of compliance vulnerability and risk; directing the development and implementation of corrective action plans for resolution of identified issues.

  • Ensuring adherence to legal standards regarding information security compliance; implementing and following industry standards and best practices for security compliance; and developing reliable, efficient and effective project development processes.

  • Providing strategic and tactical advice to address existing and evolving security threats.

  • In collaboration with DOR’s Risk Management team, liaising with the IRS safeguards and other governing agencies in support of periodic security assessments.

Qualifications

The right candidate will be a strategic thinker, collaborative partner, and strong personnel manager with deep experience in IT. Strong communication and interpersonal skills and the ability to manage in a public and dynamic milieu are essential.

Required knowledge, skills and abilities include:

  • 15 years of experience within information technology

  • 10 years of experience in information security or cyber security, with at least 5 years of exposure to various security frameworks, preferably NIST

  • 5 years of managerial, team leadership or supervisory experience in large, matrixed organizations

  • Extensive experience with policies/procedures, application design, information analysis and reporting, networking and systems integration, security control, audits, risk analysis and disaster recovery

  • Ability to supervise staff including performance appraisal, employee coaching, training, development and performance management

  • Excellent written and verbal communication skills, with a proven ability to translate security and risk to all levels of the business in technical and non-technical terms

  • Ability to develop and maintain effective working relationships with a variety of stakeholders

Preferred knowledge, skills and abilities include:

  • CISSP, CISM or CISA certification, etc.

  • Government or public sector experience

MINIMUM ENTRANCE REQUIREMENTS:

Applicants must have at least (A) seven (7) years of full-time, or equivalent part-time, professional, administrative, supervisory, or managerial experience in IT administration or IT management, of which (B) at least three (3) years must have been in a managerial capacity.

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

Job: *Information Systems and Technology

Organization: *Exec Office of Administration and Finance

Title: Chief Information Security Officer

Location: Massachusetts-Chelsea-200 Arlington Street

Requisition ID: 200007ME
