Cyber Security Analyst

Position: Cybersecurity Audit AnalystLocation: Boston, MA- 02108 (Hybrid) Duration: Long term Contract Job Description:We are seeking a qualified Cybersecurity Audit Analyst with a minimum of five (5) years of relevant experience. The selected candidate will play a key role in executing and enhancing the Commonwealth’s cybersecurity audit program, including both internal audit activities and coordination of external audit responses.Internal audit reviewAssist deputy chief risk officer, continue to formalize and automate the ERM audit programConduct regularly scheduled reviews of EOTSS internal processes to ensure recommended risk mitigating controls are fully implemented, followed, documented and effective.Coordinate with ERM risk analysts to ensure internal reviews include current mitigating control recommendationsEmploy analytical skills to conduct audit tests, participate in meetings and interviews, and assess procedural documentationCreate comprehensive reports of audit findings to inform staff and executives of needed updates or improvementsProactively inform senior management of significant risks or exposures related to internal controls, compliance, and/or governance requiring prompt attentionManage the process to track, follow up, and ultimately ensure closure of all open audit issuesExternal audit responseCoordinate and follow through with numerous individuals for various audit responsesObtain and provide comprehensive responses to internal and external audit requests.Build and maintain positive working relationships across all levels and functional areas.Meticulously track and document responses to and from multiple sources in a timely and succinct manner.Oversight of the internal audit liaison programAssist documentation of ERM audit program practices and procedures to include templates and reference guides.Plan and schedule program deliverables, goals, milestones.Other responsibilities as assigned.Required ERM Knowledge, Skills & Abilities:At least five (5) years of experience in cybersecurity audit, IT audit, risk management, or complianceStrong knowledge of cybersecurity and control frameworks (e.g., NIST, CIS Controls)Experience performing audits, risk assessments, program evaluations, and conducting research using quantitative and qualitative methods in a government or highly regulated environment.Demonstrate ability to multitask, prioritize, and meet deliverables for various and fluid responsibilities and initiatives.Exceptional organizational skills include acute attention to detail especially involving the gathering, updating, tracking, and reporting of data from multiple sources.Ability to maintain a consistent and timely follow-through of all requests requiring a response from various members and all levels of the organization.A working knowledge of IT, Network infrastructure, software application and software vendor disciplines desired.Required General Knowledge, Skills & Abilities:Strong work ethicExcellent verbal and written communication skillsThe ability to work independently as well as part of a team.Strong adaptability to evolving challenges and changing priorities.Ability to think critically, analyze situations, solve problems, and make informed decisions to address complex challenges.Strong ability to understand and effectively communicate (verbally and written) across varying levels of the organization. Some technical knowledge is preferred.