Massachusetts Jobs

Job Information

State of Massachusetts Manager of Internal Audit in Boston, Massachusetts

The Executive Office of Technology Services and Security (EOTSS) is the state’s lead office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts.

EOTSS is seeking to hire a Manager of Internal Audit who will be mainly responsible for the Internal Audit function and will support the EOTSS Chief Risk & Security Officer. The Manager of Internal Audit is responsible for ensuring internal audit is closely aligned with industry best practices in executing the enterprise security program across the Commonwealth’s executive departments and agencies. The position will work with the Director of Governance, Risk & Compliance to lead the Internal Audit’s annual risk assessment and enterprise risk assessment and planning process to develop the audit framework and ensure the plan is responsive to and aligned with the risk profile of the organization. The position will oversee the execution of individual audits defined in the audit plan, ensuring the highest level of service quality and satisfaction amongst the Commonwealth’s executive departments and agencies. The position also works to ensure roles, responsibilities, and results are efficiently coordinated and collectively optimize the effectiveness of risk management, control, and governance of the Commonwealth.

The primary work location for this role will be at One Ashburton Place, Boston, Massachusetts 02108. The work schedule for this position is Monday thru Friday, 9AM to 5PM EST. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed. 20% on prem and 80% remote work arrangement.
All offers of employment into this position are conditional and subject to passing: a Massachusetts Criminal Background Check (CORI); a security clearance (fingerprinting) consistent with IRS and/or public safety requirements; and security training.

Responsibilities:

* Work with the Chief Risk & Security Officer, Director of Governance, Risk & Compliance, executive/senior leadership teams, and our partners to drive the Commonwealth’s information security plan by continuing the establishment of the Internal Audit program.
* Oversee internal controls and protect governance, while also ensuring the integrity of the data, and aligning the overall goals of the Executive Office of Technology and Security Services.
* Issue all Internal Audit reports ensuring the reports are clear, concise, identify root causes with practical solutions, and ultimately provide value to management.
* Meet regularly with the Office of Enterprise Risk Management and Security, including any relevant Risk or Audit Committees established to carry out the agency’s initiatives.
* Monitor ongoing activities, educate/inform the committee members of emerging risks and/or exposures (whether internal or external to the Commonwealth) that should be considered, and serve as a “thought leader” with respect to risk management and internal control best practices.
* Proactively inform senior management of significant risks or exposures related to internal controls, compliance, and/or governance requiring prompt attention.
* Update/develop process documentation to support the enterprise information security policies and standards for compliance.
* Coordinate and communicate with other divisions, user agencies, state agencies, federal agencies, and outside partners to provide information and resolve problems on security related issues.
* Manage the process to track, follow-up, and ultimately close all open audit issues leveraging the Risk Committee, if necessary.
* Make recommendations to the Chief Risk & Security Officer on all relevant technologies that will define future security and technology standards for an organization within the Commonwealth or a recommendation for the enterprise.
* Identify and report potential areas of compliance vulnerability and risk.
* Direct the development and implementation of corrective action plans for resolution of identified issues.
* Coordinate risk management and internal audit to direct compliance issues to appropriate reviewing bodies.
* Conduct periodic security assessments.
* Monitor emerging technologies for potential impacts to operations and long-term strategy.
* Develop communication strategies and build professional relationships with security peers across the Commonwealth.
* Provide strategic and tactical advice to address existing and evolving security threats.

Preferred Knowledge, Skills and Abilities:

* Five (5) to seven (7) years of IT System Network and System Administrative related experience with progressive auditing processes and technical management responsibilities.
* Two (2) to three (3) years of technical hands-on security, audit, and risk management practitioner experience.
* Proficient hands-on knowledge and understanding of information systems security strategies, policies, standards, and best practices. Understanding of defense in depth security architecture, tools, firewalls, and related devices.
* Ability to determine and produce audit reports with accuracy, integrity, and authenticity, to satisfy requirements of regulations, policies, procedures, and other criteria relevant to the audit.
* Functional knowledge of commonly used cloud service providers, including AWS, Microsoft Azure and/or Google Cloud Platform.
* Strong knowledge and experience with Microsoft Office365 and familiarity with database applications.
* Experience in performing program evaluations and conducting research using quantitative and qualitative methods.
* Strong ability to understand and effectively communicate (verbally and written) across varying levels of the organization with the ability to translate security requirements within a business context.
* Proficient experience directing and managing the planning, development, testing, modification and evaluation of security services and related technologies.
* Strong leadership experience managing the work of staff by defining responsibilities, controlling workflow, and establishing criteria for evaluation of staff performance and security related SLAs.
* Proven ability to receive security team recommendations and act assertively to support objectives.
* Excellent judgment and the ability to make quick decisions when working with complex situations.
* Ability to work well with large groups of people with divergent viewpoints and to help staff implement policies that comply with all applicable legal requirements.
* Ability to work effectively with colleagues across organizational lines in multi-department public sector organizations.
* Knowledge of procurement and contracting principles and practices.
* Knowledge of the laws, regulations, and practices that are characteristic of public sector agencies and good understanding of public sector budgetary principles and practices.
* Ability to work with diverse and multilateral stakeholder ecosystems such as EOTSS’ constituency which includes other agency and Secretariat general counsels, agency heads, high-level state and federal officials and other interested parties.

Education and Certifications:

* A Bachelor’s degree in Business Administration, Finance, Public Administration or related field, or equivalent work experience.
* Enterprise Risk Management certification(s) is a plus.

MINIMUM ENTRANCE REQUIREMENTS:

Applicants must have at least (A) five (5) years of full-time or, equivalent part-time, professional, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management of which (B) at least one (1) year must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.

Substitutions:

I. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience.
II. A Bachelor’s degree in a related field may be substituted for two (2) years of the required (A) experience.
III. A Graduate degree in a related field may be substituted for three (3) years of the required (A) experience.
IV. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.

Comprehensive Benefits

When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future. Want the specifics? Explore our Employee Benefits and Rewards!

Executive Order #595: As a condition of employment, successful applicants will be required to have received COVID-19 vaccination or an approved exemption as of their start date. Details relating to demonstrating compliance with this requirement will be provided to applicants selected for employment. Applicants who receive an offer of employment who can provide documentation that the vaccine is medically contraindicated or who object to vaccination due to a sincerely held religious belief may make a request for exemption.

An Equal Opportunity / Affirmative Action Employer.
Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.

Job: Information Systems and Technology
Organization: Exec Office of Technology Services and Security
Title: Manager of Internal Audit
Location: Massachusetts-Boston-1 Ashburton Place
Requisition ID: 22000B3E