State of Massachusetts Chief Information Security Officer in Chelsea, Massachusetts
A&F IT is a unit under the Executive Office for Administration & Finance (A&F) that is overseen by the A&F IT Chief Information Officer (A&F CIO). A&F IT consists of 186 employees working on IT systems and applications for 15 A&F agencies. Information regarding these supported agencies is available at https://www.mass.gov/orgs/executive-office-for-administration-and-finance (see the section on “Related Organizations”).
A&F IT is seeking a highly motivated, experienced professional with a background in IT to serve as its Chief Information Security Officer (CISO). The CISO will be a member of A&F IT’s senior team and report to the A&F CIO. The CISO will manage a staff of 5-7 individuals.
The CISO will ensure the confidentiality, integrity and availability of information by communicating risk; creating and maintaining enforceable policies and supporting processes; and ensuring compliance with regulatory requirements. The CISO will coordinate security-related activities with A&F IT-supported agencies. Activities include the evaluation, procurement and deployment of security-related products and the development and coordination of security awareness, disaster recovery and incident response plans.
Specific responsibilities include:
Exercising strong leadership, while ensuring resources are appropriate, have adequate tools and work in a cohesive and professional manner.
Maintaining IT standards, documentation and support in alignment with Commonwealth IT policies and procedures.
Implementing a security control framework across supported agencies.
Collaborating with the Executive Office of Technology Services and Security (EOTSS) on strategic initiatives and security operations.
Developing communication strategies and building professional relationships with security peers across the Commonwealth.
Developing, initiating, maintaining and revising security policies and procedures.
Monitoring emerging technologies for potential impacts to operations and long-term strategy.
Coordinating risk management and internal audit to direct compliance issues to appropriate reviewing bodies.
Identifying potential areas of compliance vulnerability and risk; directing the development and implementation of corrective action plans for resolution of identified issues.
Ensuring adherence to legal standards regarding information security compliance; implementing and following industry standards and best practices for security compliance; and developing reliable, efficient and effective project development processes.
Providing strategic and tactical advice to address existing and evolving security threats.
In collaboration with DOR’s Risk Management team, liaising with the IRS Safeguards program and other governing agencies in support of periodic security assessments.
The right candidate will be a strategic thinker, collaborative partner, and strong personnel manager with deep experience in IT. Strong communication and interpersonal skills and the ability to manage in a public and dynamic milieu are essential.
Required knowledge, skills and abilities include:
15 years of experience within information technology
10 years of experience in information security or cyber security; with at least 5 years of exposure to various security frameworks, preferably NIST
5 years of managerial, team leadership or supervisory experience in large, matrixed organizations
Extensive experience with policies/procedures, application design, information analysis and reporting, networking and systems integration, security control, audits, risk analysis and disaster recovery
Ability to supervise staff including performance appraisal, employee coaching, training, development and performance management
Excellent written and verbal communication skills, with a proven ability to translate security and risk to all levels of the business in technical and non-technical terms
Ability to develop and maintain effective working relationships with a variety of stakeholders
Preferred knowledge, skills and abilities include:
CISSP, CISM, CISA or a similar certification
Government or public sector experience
MINIMUM ENTRANCE REQUIREMENTS:
Applicants must have at least (A) seven (7) years of full-time, or equivalent part-time, professional, administrative, supervisory, or managerial experience in IT administration or IT management, of which (B) at least three (3) years must have been in a managerial capacity.
An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.
Job: Information Systems and Technology
Organization: Exec Office of Administration and Finance
Title: Chief Information Security Officer
Location: Massachusetts-Chelsea-200 Arlington Street
Requisition ID: 200007ME