Director of Information Security and Compliance Management


Salary: $155,640.00 - $155,640.00 /year *

Employment Type: Full-Time


: Information Technology


About Us

The Executive Office of Energy and Environmental Affairs seeks to protect, preserve, and enhance the Commonwealth's environmental resources while ensuring and promoting a clean energy future for the state's residents. Through the stewardship of open space, protection of environmental resources, and enhancement of clean energy, the Executive Office of Energy and Environmental Affairs works tirelessly to make Massachusetts a wonderful place to live, work, and raise a family.

Who We Serve

Massachusetts was the first state in the nation to combine energy and environmental agencies under one Cabinet secretary. The Executive Office of Energy and Environmental Affairs (EOEEA) serves Commonwealth residents interested in outdoor recreational activities and clean energy solutions, as well as those who work with animals and livestock. Equally, EOEEA works with energy consumers, power companies, clean energy providers and farmers to balance their activities against environmental protection laws and regulations while remaining a cornerstone of the Commonwealth's economic prosperity. Committed to public transparency, we make agency procedures and outcomes available in a user-friendly, accessible manner.

Our Mission

Under the direction of the Secretariat Chief Information Officer, the mission of the information technology department is to ensure the Commonwealth a secure, reliable, robust, efficient and highly adaptable collection of digital and infrastructure services through applied technology, engineering and transformational investments.

About the role:

As the Commonwealth of Massachusetts advances its mission to enhance IT efficiencies and effectiveness, we are looking for a Director of Information Security and Compliance Management to assess, design, deploy, monitor and continuously improve upon the Executive Office of Energy and Environmental Affairs (EEA) security posture.

Working in partnership with the Commonwealth SCISO, the dedicated EEA Secretariat Director of Information Security and Compliance Management provides strategic and tactical information security direction for the Executive Office, all of its agencies and each of their divisions across the Commonwealth. The EEA Director of Information Security and Compliance Management is a member of the strategic IT organizational pillars working to transform the delivery of IT services and the secured availability of data within the unique EEA Secretariat.


Working directly for the EEA Secretariat Chief Information Officer (SCIO), responsibilities may include the following:

  • Audit and protect public and government EEA information data and technology resources
  • In conjunction with the SCIO, plan, execute and lead security control audits across the complete EEA agency landscape
  • Maintain an application inventory with security disposition for the Secretariat
  • Participate in application development penetration test result review
  • Develop an EEA control plan matrix aligned to the NIST SP800-53 publication
  • Prepare system documentation for assessment, risk management and evidenced based audit response to NIST SP800-53 controls
  • Identify deficiencies and provide achievable solutions to accomplish EEA agency short and long-term security posture
  • Facilitate and conduct periodic security audits using all aspects of the control policy, including internally and externally managed applications
  • Participate in the change management process with the Executive Office of Technology Services and Security (EOTSS)
  • Under the direction of the EEA SCIO, act as an EEA liaison to the Enterprise Security Board (ESB)
  • Coordinate the requirements for planned penetration tests and lead the contract development with EOTSS
  • Working with the Director EEA Applications, analyze business continuity and recovery risks for critical applications and services. Present recommendations with an achievable roadmap
  • Analyze vulnerability reports and prioritize the response plan with the EEA application development and infrastructure/network teams
  • Contribute to annual security budget planning
  • Serve as an escalation point for resolving issues, conflicts of priority and obtaining decisions for managing the impact of change
  • Assist in recruiting, developing and retaining top project team talent, including contracted vendor relationships


  • Minimum Bachelor's Degree, preferably in information technology, technology audit, computer science, criminal justice, or related field of study
  • Minimum 6 years working within a highly complex, technology centric organization
  • Minimum 3 years working in a hands-on security architect or auditing role
  • Understanding of auditing functions, including risk analysis and controls
  • Exceptional strategic thinking, creative, problem solving and analytical skills
  • General knowledge of the NIST SP800-53 publication
  • Knowledge of, and some hands-on experience with, security controls and monitoring in application, database, telecom, and virtual network/computing environments
  • ITIL certification and a certification from any of the technology security professional series preferred
  • Applies sound decision-making skills with excellent professional judgment
  • Must be able to pass a rigorous background check
  • Experience in the energy or environmental affairs industry is a plus


Applicants must have at least (A) five (5) years of full-time or, equivalent part-time, professional, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management of which (B) at least one (1) year must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.


I. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience.

II. A Bachelor's degree in a related field may be substituted for two (2) years of the required (A) experience.

III. A Graduate degree in a related field may be substituted for three (3) years of the required (A) experience.

IV. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.
