Risk and Security Analyst

Recruiter
Commonwealth of Massachusetts
Location
Boston
Salary
Competitive
Posted
26 Sep 2024
Closes
24 Oct 2024
Job Type
Security Analyst
Employer Sector
Banking & Finance
Contract Type
Permanent
Hours
Full Time
An Official website of the Commonwealth of Massachusetts

ALERT

Effective January 25, 2024, Executive Order cements the Commonwealth's well–established practice of skills–based hiring, paving the way to a more equitable hiring process. The Commonwealth is committed to ensuring a diverse and inclusive workplace where all employees feel respected, valued, and empowered to serve our citizens. Join us today!

Job Description – Risk and Security Analyst (240008B4)

About the Office of the Comptroller

The Office of the Comptroller ensures that the more than $50 billion in annual transactions authorized by the general appropriations act and supplemental appropriations are executed in accordance with all statutory requirements and recorded in compliance with accounting standards. We also oversee capital assets, federal funding inflows, and other transactions. We also own and maintain statewide payments and payroll systems, safeguarding critical financial information. We operate in support of our partners, the financial staff at more than 150 departments and agencies across the Commonwealth.

As stewards of the public trust, CTR aspires to inspire confidence by maintaining our core principles: clarity, integrity, and accountability.

The powers and obligations of the Office of the Comptroller are generally dictated by M.G.L. c. 7A.

Position Summary

The Office of the Comptroller is seeking a Risk and Security Analyst position assigned to the Statewide Risk Management Team (SRMT). The position reports to the Assistant Comptroller for Risk. This position is responsible for departmental reviews to determine compliance by Commonwealth departments with internal controls, state finance law, and Comptroller regulations and policies. Additionally, this position will apply technical knowledge and skills to assess and mitigate risks related to CTR systems. The ability to mine data from the Commonwealth's Enterprise systems, to analyze, report on, and draw conclusions from that data are key skills of the job.

Strong analytical, communication, and presentation skills, along with experience writing reports and recommendations are critical skills for the successful candidate. This position requires a self–starter with capabilities and attributes which include the following: attention to detail; superior time management and solid multitasking skills; ability to contribute and work productively as part of a team; positive attitude; capacity to remain flexible and learn new accounting, auditing, and technical standards as necessary; and the ability to work well under pressure.

Specific Duties:
  • Perform data analysis and risk assessments of state departments':
    • Security roles usage, compliance, and access
    • Risk ratings for overall compliance with Comptroller policies, regulations, and state finance law
  • Provide technical assistance and advice to departments on internal controls
  • Serve as lead analyst for the statewide Internal Control Certification (ICC) – formerly the Internal Control Questionnaire)
    • Participate in department ICC interviews
    • Learn applications for developing department risk profiles
  • Conduct training and retraining of Department Security Officers (DSOs)
    • Maintain updated Security Guides for MMARS and HRCMS
  • Analyze technical vulnerabilities and assess the potential impact of security threats on internal controls
  • Maintain knowledge and understanding of how information systems operate, including software, hardware, and networks, to effectively assess risks, monitor compliance, and the effectiveness of robust internal control plans.
  • Support Security Team with Enterprise System(s) access requests as an additional resource
  • Lead the semi–annual statewide Department Security Access review and approval process
  • Conduct training of Comptroller employees on the relationship of department devices (laptops, cell phones, etc.) and fraud awareness/phishing training
  • Review Commonwealth departments' Internal Control Plans and provide technical assistance and advice to departments on internal controls
  • Participate in Incident Responses – protecting enterprise systems, aiding departments with internal control advice, tracking tasks
  • Conduct department desk reviews to determine compliance with state finance law and Comptroller policies and regulations
  • Serve as administrator for banking verification application
  • Assist SRMT in other areas as assigned by Team leadership (e.g. Single Audit)
  • Remain current on CTR oversight policies
  • All employees of CTR may be asked to engage in other assignments on an as–needed basis
Bargaining Unit / Salary Range

NAGE Unit 6 / Grade 14: $73,566.74 – $107,580.72

As per the Unit 6 Collective Bargaining Agreement between the Commonwealth of Massachusetts and the National Association of Government Employees, the range is based upon a series of steps. Any potential offer is determined based upon an analysis of the minimum entrance requirements, the candidate's relevant work experience, and educational achievement level.

Benefits Package

CTR is pleased to offer a comprehensive benefits package for its employees and managers. The specific components and eligibility may vary based upon position classification, hours worked per week, and other variables. Therefore, specific benefits for this position may be discussed as part of the interview and offer process.

The overall benefits available include paid vacation, sick and personal leave time, health, dental, and vision insurance through the Commonwealth's Group Insurance, and optional pre–tax Health Savings Account plans. Details of the various plans and the cost split between employer and employee may be reviewed by looking at the Group Insurance website, and/or as part of the interview process.

In addition, CTR provides employees the opportunity to elect life insurance, long–term disability insurance, deferred compensation savings, tuition remission, pre–tax commuter account plans, along with other programs.

CTR Hybrid Work Model

CTR operates under a hybrid work model. Under this policy, employees are currently required to work a minimum of four business days per month (two set by management and two set by the employee) on–site at CTR's Boston office and may work remotely the remainder of the time at a location approved by their supervisor, so long as they comply with the requirements of the telework policy. Under this policy, all employees must be able to report to the Boston office with little or no notice, even including the same workday should an exigent circumstance arise. Therefore, a reasonable proximity to the office is necessary. CTR does not reimburse for employees to travel to the office.

In addition, the successful candidate may be required to work primarily on–site in Boston during the initial training and orientation period and/or for certain positions a primarily on–site role may be necessary.

Commitment to Diversity

CTR is committed to building a diverse staff at all levels across its entire agency.

CTR IS AN EQUAL OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER.

Application Process

The Office of the Comptroller encourages interested candidates that meet the minimum entrance requirements and qualifications to apply for this position.

Interested candidates must submit their materials electronically, by E–mail no later than 5:00 pm, on October 7, 2024.

Submissions should include the following:
  • a cover letter;
  • three business writing samples (for candidates chosen to advance to a second–round interview);
  • three professional references (for candidates chosen to advance to a second–round interview).
Please include position title and posting number (FY25–007) in the subject line of your submission. Your application package should be submitted to:

Late submissions may be considered solely at the discretion of CTR.

Required Background Check – Including Tax Compliance:

CTR requires a background check on all prospective employees as a condition of employment. Candidates should know that the background check is not initiated until:

  1. A candidate is invited to a second or subsequent interview and
  2. The candidate has signed the Background Check Authorization Form and related releases.
This background check includes a Criminal Offender Record Information (CORI) check, and Commonwealth Department of Revenue state tax compliance on all prospective employees as a condition of their employment. Candidates with advanced degrees and professional licenses may have these credentials verified. Individuals other than those references provided by a candidate may be contacted in the course of completing a full background and qualification check.

Minimum Entrance Requirements

Applicants must have at least (A) four years of full–time, or equivalent part–time, professional experience in electronic data processing of which (B) at least two years must have been in work in which the major duties included computer systems analysis, or (C) any equivalent combination of the required experience and the substitutions below.

SUBSTITUTIONS:
  • An Associate's degree with a major in the field of data processing or computer programming may be substituted for a maximum of one year of the required (A) experience click apply for full job details