State of Massachusetts Chief Information Security Officer in Boston, Massachusetts

_About Us_

The Executive Office of Energy and Environmental Affairs seeks to protect, preserve, and enhance the Commonwealth’s environmental resources while ensuring and promoting a clean energy future for the state’s residents. Through the stewardship of open space, protection of environmental resources, and enhancement of clean energy, the Executive Office of Energy and Environmental Affairs works tirelessly to make Massachusetts a wonderful place to live, work, and raise a family.

_Who We Serve_

Massachusetts was the first state in the nation to combine energy and environmental agencies under one Cabinet secretary. The Executive Office of Energy and Environmental Affairs (EOEEA) serves Commonwealth residents interested in outdoor recreational activities, clean energy solutions and those who work with animals and livestock. Equally, EOEEA works with energy consumers, power companies, clean energy providers and farmers to delicately balance the interaction with environmental protection laws and regulations while being a cornerstone for our economic prosperity. Assuring public information transparency, we’re relentlessly committed to making agency procedures and outcomes available in a user-friendly, accessible manner.

_Our Mission_

Under the direction of the Secretariat Chief Information Officer, the mission of the information technology department is to ensure the Commonwealth a secure, reliable, robust, efficient and highly adaptable collection of digital and infrastructure services through applied technology, engineering and transformational investments.

Job Description Summary:

As the Commonwealth of Massachusetts advances its mission to enhance information technology (IT) efficiencies and effectiveness, EOEEA is looking for a Secretariat Chief Information Security Officer who will work closely with the Executive Office of Technology Services and Security (EOTSS) and the Commonwealth Chief Information Security Officer. The Secretariat CISO will collaborate with EOTSS in their mission to drive a more secure environment through the enterprise security program.

Working in partnership with the EOTSS CISO, the dedicated EOEEA Secretariat CISO will provide strategic and tactical information security direction for the EOEEA, all our agencies and each of the divisions across the Commonwealth. The Secretariat CISO is a member of the strategic IT organizational pillars working to transform the delivery of IT services and secured availability of data within the highly unique Energy and Environmental Affairs Secretariat.

Responsibilities:

Working for the EEA Secretariat Chief Information Officer and in partnership with the EOTSS CISO, responsibilities may include the following:

  • The primary role is to protect public and government EEA information technology resources

  • Assist in the development of a security strategy aligned to the NIST SP800-53 publication

  • Prepare system documentation for assessment, risk management and evidence-based audit response to NIST SP800-53, including structured auditing controls

  • Identify deficiencies and provide achievable solutions to accomplish EEA short and long-term security goals

  • Facilitate and conduct periodic security audits using all aspects of the control policy, including internally and externally managed applications

  • Participate in the change management process with the EOTSS CISO

  • Act as an EEA liaison to the Enterprise Security Board

  • Contract and perform penetration tests

  • Monitor business continuity and recovery procedures to ensure security architecture and features are functioning properly following system failures or outages

  • Monitor, report and communicate federal and state regulations, security policies, standards and service level agreements pertaining to information security

  • Respond to Executive order changes regarding security and confidentiality of citizen information

  • Facilitate and perform vulnerability testing with EEA application development and infrastructure/network teams

  • Contribute to annual security budget planning

  • Serve as an escalation point for resolving issues, conflicts of priority and obtaining decisions for managing the impact of change

  • Assist in recruiting, developing and retaining top project team talent, including contracted vendor relationships.

_Primary work location is Boston, with flexibility for the secondary locations to be Springfield, Worcester, Wilmington or Lakeville._

Qualifications:

  • Minimum Bachelor’s Degree, preferably in telecommunications, information technology, computer science, electrical engineering or related field of study

  • Minimum 7 years working within a highly complex, technology centric organization

  • Minimum 5 years working with information networks

  • Minimum 3 years working in a hands-on security architect role

  • Minimum 3-5 years of management experience within security

  • Exceptional strategic thinking, creative, problem solving and analytical skills

  • Working knowledge of the NIST SP800-53 publication and ISO 27001 standard

  • Knowledge with some experience in security control with monitoring in Windows, Linux, database, Cisco, telecomm and virtual network/computing environments

  • Certification preferred in DoD, IAT, IAM, IASAE, CAP, CASP, CISM and/or ITIL

  • Must be able to pass a rigorous background check

  • Experience in the industry of energy or environmental affairs is a plus.

MINIMUM ENTRANCE REQUIREMENTS:

Applicants must have at least (A) six (6) years of full-time, or equivalent part-time, professional, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management of which (B) at least two (2) years must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.

Substitutions:

I. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience.

II. A Bachelor’s degree in a related field may be substituted for two (2) years of the required (A) experience.

III. A Graduate degree in a related field may be substituted for three (3) years of the required (A) experience.

IV. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

Job: Information Systems and Technology

Organization: Exec Office Of Energy and Environmental Affairs

Title: Chief Information Security Officer

Location: Massachusetts-Boston-100 Cambridge Street

Requisition ID: 180007I5