Cybersecurity Audit Analyst

The primary work location for this role will be at One Ashburton Place Boston, Massachusetts 02108. The work schedule for this position is Monday through Friday, 9:00AM - 5:00PM EST. This position follows a hybrid work model, with a minimum onsite presence of approximately 40% (typically two days per week), with specific expectations determined by the Line of Business based on operational needs. Occasional local travel to industry-related events or Commonwealth offices may be required. All offers of employment into this position are conditional and subject to passing: a Massachusetts Criminal Background Check (CORI); a security clearance (fingerprinting) consistent with IRS and/or public safety requirements; and security training.

Responsibilities include:

Internal audit review Assist deputy chief risk officer, continue to formalize and automate the ERM audit program Conduct regularly scheduled reviews of internal processes to ensure recommended risk mitigating controls are fully implemented, followed, documented and effective. Coordinate with ERM risk analysts to ensure internal reviews include current mitigating control recommendations Employ analytical skills to conduct audit tests, participate in meetings and interviews, and assess procedural documentation Create comprehensive reports of audit findings to inform staff and executives of needed updates or improvements Proactively inform senior management of significant risks or exposures related to internal controls, compliance, and/or governance requiring prompt attention Manage the process to track, follow up, and ultimately ensure closure of all open audit issues External audit response Coordinate and follow through with numerous individuals for various audit responses Obtain and provide comprehensive responses to internal and external audit requests. Build and maintain positive working relationships across all levels and functional areas. Meticulously track and document responses to and from multiple sources in a timely and succinct manner. Oversight of the internal audit liaison program Assist documentation of ERM audit program practices and procedures to include templates and reference guides. Plan and schedule program deliverables, goals, milestones. Other responsibilities as assigned.

Required ERM Knowledge, Skills & Abilities:

At least five (5) years of experience in cybersecurity audit, IT audit, risk management, or compliance Strong knowledge of cybersecurity and control frameworks (e.g., NIST, CIS Controls) Experience performing audits, risk assessments, program evaluations, and conducting research using quantitative and qualitative methods in a government or highly regulated environment. Demonstrate ability to multitask, prioritize, and meet deliverables for various and fluid responsibilities and initiatives. Exceptional organizational skills include acute attention to detail especially involving the gathering, updating, tracking, and reporting of data from multiple sources. Ability to maintain a consistent and timely follow-through of all requests requiring a response from various members and all levels of the organization. A working knowledge of IT, Network infrastructure, software application and software vendor disciplines desired.

Required General Knowledge, Skills & Abilities:

Strong work ethic Excellent verbal and written communication skills The ability to work independently as well as part of a team. Strong adaptability to evolving challenges and changing priorities. Ability to think critically, analyze situations, solve problems, and make informed decisions to address complex challenges. Strong ability to understand and effectively communicate (verbally and written) across varying levels of the organization. Some technical knowledge is preferred.

Pay:

$60.00 - $66.00 per hour

Experience:

Cybersecurity:

8 years (Required)

IT Audit:

5 years (Required)

NIST:

4 years (Required)

Risk Management & Compliance:

4 years (Required)

Work Location:

In person