Cybersecurity Audit Analyst

Company:
Commonwealth of Massachusetts

Location:
Boston MA

Hybrid

Position:
Cybersecurity Audit Analyst

Pay:
$60/HR

Job Description:
The EOTSS Enterprise Risk Management (ERM) program is seeking a qualified Cybersecurity Audit Analyst with

a minimum of five (5) years of relevant experience. The selected candidate will play a key role in executing and enhancing the Commonwealths cybersecurity audit program including both internal audit activities and coordination of external audit responses.

This position requires strong knowledge of cybersecurity frameworks auditing methodologies and risk management practices along with the ability to work collaboratively across agencies and organizational levels.

As a member of the ERM team you will significantly contribute to the Commonwealth-wide governance risk and compliance program ensuring compliance with all relevant legislative regulatory statutory and contractual requirements related to Information Security. The incumbent will collaborate with various members and levels of the organization to ensure we are reviewing and updating our applications systems user lists and vendor reviews on a regular periodic and continuing basis.

The primary work location for this role will be at One Ashburton Place Boston Massachusetts 02108. The work schedule for this position is Monday through Friday 9:00AM 5:00PM EST. This position follows a hybrid work model with a minimum onsite presence of approximately 40% (typically two days per week) with specific expectations determined by the Line of Business based on operational needs. Occasional local travel to industry-related events or Commonwealth offices may be required.

All offers of employment into this position are conditional and subject to passing: a Massachusetts Criminal Background Check (CORI); a security clearance (fingerprinting) consistent with IRS and/or public safety requirements; and security training.

Responsibilities include:

Internal audit review

Assist deputy chief risk officer continue to formalize and automate the ERM audit program

Conduct regularly scheduled reviews of EOTSS internal processes to ensure recommended risk mitigating controls are fully implemented followed documented and effective.

Coordinate with ERM risk analysts to ensure internal reviews include current mitigating control recommendations

Employ analytical skills to conduct audit tests participate in meetings and interviews and assess procedural documentation

Create comprehensive reports of audit findings to inform staff and executives of needed updates or improvements

Proactively inform senior management of significant risks or exposures related to internal controls compliance and/or governance requiring prompt attention

Manage the process to track follow up and ultimately ensure closure of all open audit issues

External audit response

Coordinate and follow through with numerous individuals for various audit responses

Obtain and provide comprehensive responses to internal and external audit requests.

Build and maintain positive working relationships across all levels and functional areas.

Meticulously track and document responses to and from multiple sources in a timely and succinct manner.

Oversight of the internal audit liaison program

Assist documentation of ERM audit program practices and procedures to include templates and reference guides.

Plan and schedule program deliverables goals milestones.

Other responsibilities as assigned.

Required ERM Knowledge Skills & Abilities:

At least five (5) years of experience in cybersecurity audit IT audit risk management or compliance

Strong knowledge of cybersecurity and control frameworks (e.g. NIST CIS Controls)

Experience performing audits risk assessments program evaluations and conducting research using quantitative and qualitative methods in a government or highly regulated environment.

Demonstrate ability to multitask prioritize and meet deliverables for various and fluid responsibilities and initiatives.

Exceptional organizational skills include acute attention to detail especially involving the gathering updating tracking and reporting of data from multiple sources.

Ability to maintain a consistent and timely follow-through of all requests requiring a response from various members and all levels of the organization.

A working knowledge of IT Network infrastructure software application and software vendor disciplines desired.

Required General Knowledge Skills & Abilities:

Strong work ethic

Excellent verbal and written communication skills

The ability to work independently as well as part of a team.

Strong adaptability to evolving challenges and changing priorities.

Ability to think critically analyze situations solve problems and make informed decisions to address complex challenges.

Strong ability to understand and effectively communicate (verbally and written) across varying levels of the organization.

Some technical knowledge is preferred.