Position: Cybersecurity Audit Analyst
Location: Boston, MA 02108 (Hybrid)
Duration: Long-term contract
Job Description:
We are seeking a qualified Cybersecurity Audit Analyst with a minimum of five (5) years of relevant experience. The selected candidate will play a key role in executing and enhancing the Commonwealth’s cybersecurity audit program, including both internal audit activities and coordination of external audit responses.
Internal audit review
- Assist the deputy chief risk officer in continuing to formalize and automate the ERM audit program
- Conduct regularly scheduled reviews of EOTSS internal processes to ensure recommended risk-mitigating controls are fully implemented, followed, documented and effective.
- Coordinate with ERM risk analysts to ensure internal reviews include current mitigating control recommendations
- Employ analytical skills to conduct audit tests, participate in meetings and interviews, and assess procedural documentation
- Create comprehensive reports of audit findings to inform staff and executives of needed updates or improvements
- Proactively inform senior management of significant risks or exposures related to internal controls, compliance, and/or governance requiring prompt attention
- Manage the process to track, follow up, and ultimately ensure closure of all open audit issues
External audit response
- Coordinate and follow through with numerous individuals for various audit responses
- Obtain and provide comprehensive responses to internal and external audit requests.
- Build and maintain positive working relationships across all levels and functional areas.
- Meticulously track and document responses to and from multiple sources in a timely and succinct manner.
- Oversee the internal audit liaison program
- Assist with documentation of ERM audit program practices and procedures, including templates and reference guides.
- Plan and schedule program deliverables, goals, and milestones.
- Other responsibilities as assigned.
Required ERM Knowledge, Skills & Abilities:
- At least five (5) years of experience in cybersecurity audit, IT audit, risk management, or compliance
- Strong knowledge of cybersecurity and control frameworks (e.g., NIST, CIS Controls)
- Experience performing audits, risk assessments, program evaluations, and conducting research using quantitative and qualitative methods in a government or highly regulated environment.
- Demonstrated ability to multitask, prioritize, and meet deliverables for various and fluid responsibilities and initiatives.
- Exceptional organizational skills, including acute attention to detail, especially in gathering, updating, tracking, and reporting data from multiple sources.
- Ability to maintain a consistent and timely follow-through of all requests requiring a response from various members and all levels of the organization.
- A working knowledge of IT, network infrastructure, software application, and software vendor disciplines is desired.
Required General Knowledge, Skills & Abilities:
- Strong work ethic
- Excellent verbal and written communication skills
- The ability to work independently as well as part of a team.
- Strong adaptability to evolving challenges and changing priorities.
- Ability to think critically, analyze situations, solve problems, and make informed decisions to address complex challenges.
- Strong ability to understand and effectively communicate (verbally and in writing) across varying levels of the organization.
- Some technical knowledge is preferred.