Find Homeowner Assistance Fund Programs by State: Read More

Chief Information Security Officer

Published on March 14, 2024
Organization: Commonwealth of Massachusetts Executive Office of Housing and Livable Communities

 

Commonwealth of Massachusetts Seal

Executive Office of Housing and Livable Communities (EOHLC) is seeking a Chief Information Security Officer in the Office of Administration & Finance! 

AGENCY MISSION:
The Executive Office of Housing and Livable Communities (EOHLC) is charged with creating more homes in Massachusetts and lowering housing costs for residents.

Formerly known as the Department of Housing and Community Development (DHCD), EOHLC works with municipalities, local housing authorities, non-profit organizations, and development partners to provide affordable housing options, financial assistance, and other support to Massachusetts communities.

OVERVIEW OF ROLE:
As the Commonwealth of Massachusetts advances its mission to enhance information technology (IT) efficiencies and effectiveness, the EOHLC Chief Information Security Officer (CISO) will assess, design, deploy, monitor and continuously improve upon the Executive Office of Housing and Livable Communities (EOHLC) security posture.

Working in partnership with the Commonwealth Secretariat Chief Information Officer (SCIO), the dedicated EOHLC Secretariat CISO provides strategic and tactical information security direction for the Executive office, and each of the divisions within the Secretariat. The EOHLC-CISO is a member of the strategic IT organizational pillars working to transform the delivery of IT services and secured availability of data within the EOHLC Secretariat.

Working for the EOHLC SCIO and in partnership with the Executive Office of Technology Services and Security (EOTSS) CISO, responsibilities may include the following:

  • Implements EOTSS security framework and ensures compliance
  • Participates in the change management process with the EOTSS CISO
  • Responds to Executive order changes regarding security and confidentiality of citizen information.

DUTIES AND RESPONSIBILITIES (NOT ALL INCLUSIVE): 

1.Design, Deploy & Monitor

  • Implements a security, governance and control framework for EOHLC.
  • Develops, initiates, maintains and revises security policies and procedures.
  • Monitors emerging technologies for potential impacts to operations and long-term strategy.
  • Ensures adherence to legal standards regarding information security compliance; implements and follows industry standards and best practices for security compliance; and develops reliable, efficient, and effective project development processes.
  1. Risk Assessment:
  • Identifies potential areas of compliance vulnerability and risk.
  • Directs the development and implementation of corrective action plans for resolution of identified issues.
  • Coordinates risk management and internal audit to direct compliance issues to appropriate reviewing bodies.
  1. Interagency Security Operations:
  • Provides strategic and tactical advice to address existing and evolving security threats.
  • In collaboration with Department of Revenue (DOR) Risk Management team, liaises with the Internal Revenue Services (IRS) safeguards and other governing agencies in support of periodic security assessments.
  • Develops communication strategies and builds professional relationships with security peers across the Commonwealth. Collaborates with the Executive Office of Technology Services and Security (EOTSS) on strategic initiatives and security operations.
  1. Team Management:
  • Exercises strong leadership, while ensuring resources are appropriate, have adequate tools and work in a cohesive and professional manner.
  • Ensures that staff have adequate and ongoing training and professional development.
  1. Senior Leadership:
  • Interfaces with executive and senior leadership and the EOTSS CISO, ensuring consistent and timeliness in basic functions and customer service.
  • Participates as part of HLC senior leadership in developing overall strategies and policies.

PREFERRED QUALIFICATIONS:

  1. At least 10 years of experience in information security or cyber security; with at least 5 years of exposure to various security frameworks, preferably NIST (National Institute of Standards and Technology)
  2. At least 3 years of managerial or supervisory experience in large or matrixed organizations.
  3. Working knowledge of the NIST SP800-53 publication and ISO 27001 standard.
  4. Knowledge with some experience in security control with monitoring in Windows, Linux, database, network, telecom and virtual network/computing environments.
  5. Extensive background in IT.
  6. Extensive background in information security or cyber security.
  7. Extensive experience with policies/procedures, application design, information analysis and reporting, networking and systems integration, security control, audits, risk analysis and disaster recovery.
  8. Excellent written and verbal communication skills, with a proven ability to translate security and risk to all levels of the business in technical and non-technical terms.
  9. Ability to develop and maintain effective working relationships with a variety of stakeholders.
  10. Certification in DoD, IAT, IAM, IASAE, CAP, CASP, CISM and/or ITIL.

COMMENTS:
Please upload resume and cover letter.

This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days, as needed.

Salary placement is determined by years of experience and education directly related to the position and the Human Resources Division’s Recruiting Guidelines. In the case of a promotional opportunity, the salary provisions of the applicable collective bargaining agreement will apply to placement within the appropriate salary range.

Education, licensure and certifications will be verified in accordance with the Human Resources Division’s Hiring Guidelines. Education and license/certification information provided by the selected candidate(s) is subject to the Massachusetts Public Records Law and may be published on the Commonwealth’s website.

PRE-OFFER PROCESS:
A background check will be completed on the recommended candidate as required by the regulations set forth by the Human Resources Division prior to the candidate being hired.

QUALIFICATIONS:

MINIMUM ENTRANCE REQUIREMENTS: Applicants must have at least (A) six (6) years of full-time or, equivalent part-time, professional, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management of which (B) at least two (2) years must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.

Substitutions:

  1. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience.
  2. A Bachelor’s degree in a related field may be substituted for two (2) years of the required (A) experience.
  3. A Graduate degree in a related field may be substituted for three (3) years of the required (A) experience.
  4. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.

Comprehensive Benefits:
When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.

Want the specifics? Explore our Employee Benefits and Rewards! at https://www.mass.gov/commonwealth-employee-benefits-and-rewards

An Equal Opportunity / Affirmative Action Employer.  Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law.  Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don’t meet 100% of the job requirements.  We encourage individuals who believe they have the skills necessary to thrive to apply for this role.

Official Title: Administrator VII
Functional Title: Chief Information Security Officer
Primary Location: United States-Massachusetts-Boston-100 Cambridge Street
Job: Information Systems and Technology
Agency: Executive Office of Housing and Livable Communities
Schedule: Full-time
Shift: Day
Job Posting: Mar 11, 2024, 1:56:55 PM
Number of Openings: 1
Salary: $95,982.38 – $148,039.17 Yearly
Bargaining Unit: M99-Managers (EXE)
Confidential: No
Potentially Eligible for a Hybrid Work Schedule: Yes

If you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator: Jessica Molina – 8572480160

HOW TO APPLY:
Apply online at https://massanf.taleo.net/careersection/ex/jobdetail.ftl?job=240003DW

HFA Communities

Connect with your HFA peers for best practices, advice, and solutions.

Join the Conversation

Upcoming Events

event

View Event

Membership

Login

Get NCSHA Updates

Stay informed about the issues, legislation, and regulations important to state HFAs.

Subscribe