Duration: 6 weeks to start
Job Description:
- The client's Enterprise Risk Management (ERM) program is seeking a qualified Cybersecurity Audit Analyst with a minimum of five (5) years of relevant experience.
- The selected candidate will play a key role in executing and enhancing the Commonwealth’s cybersecurity audit program, including both internal audit activities and coordination of external audit responses.
- This position requires strong knowledge of cybersecurity frameworks, auditing methodologies, and risk management practices, along with the ability to work collaboratively across agencies and organizational levels.
- As a member of the ERM team, you will significantly contribute to the Commonwealth-wide governance, risk, and compliance program, ensuring compliance with all relevant legislative, regulatory, statutory, and contractual requirements related to Information Security.
- The incumbent will collaborate with various members and levels of the organization to ensure we are reviewing and updating our applications, systems, user lists, and vendor reviews on a regular, periodic, and continuing basis.
Responsibilities include:
Internal audit review
- Assist the deputy chief risk officer in continuing to formalize and automate the ERM audit program
- Conduct regularly scheduled reviews of internal processes to ensure recommended risk mitigating controls are fully implemented, followed, documented and effective.
- Coordinate with ERM risk analysts to ensure internal reviews include current mitigating control recommendations
- Employ analytical skills to conduct audit tests, participate in meetings and interviews, and assess procedural documentation
- Create comprehensive reports of audit findings to inform staff and executives of needed updates or improvements
- Proactively inform senior management of significant risks or exposures related to internal controls, compliance, and/or governance requiring prompt attention
- Manage the process to track, follow up, and ultimately ensure closure of all open audit issues
External audit response
- Coordinate and follow through with numerous individuals for various audit responses
- Obtain and provide comprehensive responses to internal and external audit requests.
- Build and maintain positive working relationships across all levels and functional areas.
- Meticulously track and document responses to and from multiple sources in a timely and succinct manner.
- Oversee the internal audit liaison program
- Assist with documentation of ERM audit program practices and procedures, including templates and reference guides.
- Plan and schedule program deliverables, goals, and milestones.
- Other responsibilities as assigned.
Required ERM Knowledge, Skills & Abilities:
- At least five (5) years of experience in cybersecurity audit, IT audit, risk management, or compliance
- Strong knowledge of cybersecurity and control frameworks (e.g., NIST, CIS Controls)
- Experience performing audits, risk assessments, program evaluations, and conducting research using quantitative and qualitative methods in a government or highly regulated environment.
- Demonstrated ability to multitask, prioritize, and meet deliverables for various and fluid responsibilities and initiatives.
- Exceptional organizational skills, including acute attention to detail, especially involving the gathering, updating, tracking, and reporting of data from multiple sources.
- Ability to maintain a consistent and timely follow-through of all requests requiring a response from various members and all levels of the organization.
- A working knowledge of IT, network infrastructure, software application, and software vendor disciplines is desired.
Required General Knowledge, Skills & Abilities:
- Strong work ethic
- Excellent verbal and written communication skills
- The ability to work independently as well as part of a team.
- Strong adaptability to evolving challenges and changing priorities.
- Ability to think critically, analyze situations, solve problems, and make informed decisions to address complex challenges.
- Strong ability to understand and effectively communicate (verbally and in writing) across varying levels of the organization.
- Some technical knowledge is preferred.




