Chief Information Security Officer

Job Type
Programmatic/Project Management
Executive Office of Housing and Livable Communities
Job Description

Executive Office of Housing and Livable Communities (EOHLC) is seeking a Chief Information Security Officer in the Office of Administration & Finance!



The Executive Office of Housing and Livable Communities (EOHLC) is charged with creating more homes in Massachusetts and lowering housing costs for residents.


Formerly known as the Department of Housing and Community Development (DHCD), EOHLC works with municipalities, local housing authorities, non-profit organizations, and development partners to provide affordable housing options, financial assistance, and other support to Massachusetts communities.



As the Commonwealth of Massachusetts advances its mission to enhance information technology (IT) efficiencies and effectiveness, the EOHLC Chief Information Security Officer (CISO) will assess, design, deploy, monitor and continuously improve upon the Executive Office of Housing and Livable Communities (EOHLC) security posture.


Working in partnership with the Commonwealth Secretariat Chief Information Officer (SCIO), the dedicated EOHLC Secretariat CISO provides strategic and tactical information security direction for the Executive Office and each of the divisions within the Secretariat. The EOHLC-CISO is a member of the strategic IT organizational pillars working to transform the delivery of IT services and secured availability of data within the EOHLC Secretariat.


Working for the EOHLC SCIO and in partnership with the Executive Office of Technology Services and Security (EOTSS) CISO, responsibilities may include the following:


  • Implements EOTSS security framework and ensures compliance.
  • Participates in the change management process with the EOTSS CISO.
  • Responds to Executive order changes regarding security and confidentiality of citizen information.




1. Design, Deploy & Monitor:

  • Implements a security, governance and control framework for EOHLC.
  • Develops, initiates, maintains and revises security policies and procedures.
  • Monitors emerging technologies for potential impacts to operations and long-term strategy.
  • Ensures adherence to legal standards regarding information security compliance; implements and follows industry standards and best practices for security compliance; and develops reliable, efficient, and effective project development processes.


2. Risk Assessment:

  • Identifies potential areas of compliance vulnerability and risk.
  • Directs the development and implementation of corrective action plans for resolution of identified issues.
  • Coordinates risk management and internal audit to direct compliance issues to appropriate reviewing bodies.


3. Interagency Security Operations:

  • Provides strategic and tactical advice to address existing and evolving security threats.
  • In collaboration with the Department of Revenue (DOR) Risk Management team, liaises with the Internal Revenue Service (IRS) safeguards and other governing agencies in support of periodic security assessments.
  • Develops communication strategies and builds professional relationships with security peers across the Commonwealth. Collaborates with the Executive Office of Technology Services and Security (EOTSS) on strategic initiatives and security operations.


4. Team Management:

  • Exercises strong leadership, while ensuring resources are appropriate, have adequate tools and work in a cohesive and professional manner.
  • Ensures that staff have adequate and ongoing training and professional development.


5. Senior Leadership:

  • Interfaces with executive and senior leadership and the EOTSS CISO, ensuring consistency and timeliness in basic functions and customer service.
  • Participates as part of HLC senior leadership in developing overall strategies and policies.



  1. At least 10 years of experience in information security or cyber security, with at least 5 years of exposure to various security frameworks, preferably NIST (National Institute of Standards and Technology).
  2. At least 3 years of managerial or supervisory experience in large or matrixed organizations.
  3. Working knowledge of the NIST SP800-53 publication and ISO 27001 standard.
  4. Knowledge of, and some experience in, security control with monitoring in Windows, Linux, database, network, telecom and virtual network/computing environments.
  5. Extensive background in IT.
  6. Extensive background in information security or cyber security.
  7. Extensive experience with policies/procedures, application design, information analysis and reporting, networking and systems integration, security control, audits, risk analysis and disaster recovery.
  8. Excellent written and verbal communication skills, with a proven ability to translate security and risk to all levels of the business in technical and non-technical terms.
  9. Ability to develop and maintain effective working relationships with a variety of stakeholders.
  10. Certification in DoD, IAT, IAM, IASAE, CAP, CASP, CISM and/or ITIL.



Please upload resume and cover letter.


This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days, as needed.


Salary placement is determined by years of experience and education directly related to the position and the Human Resources Division’s Recruiting Guidelines. In the case of a promotional opportunity, the salary provisions of the applicable collective bargaining agreement will apply to placement within the appropriate salary range.


Education, licensure and certifications will be verified in accordance with the Human Resources Division’s Hiring Guidelines. Education and license/certification information provided by the selected candidate(s) is subject to the Massachusetts Public Records Law and may be published on the Commonwealth’s website.



A background check will be completed on the recommended candidate as required by the regulations set forth by the Human Resources Division prior to the candidate being hired.



MINIMUM ENTRANCE REQUIREMENTS: Applicants must have at least (A) six (6) years of full-time or, equivalent part-time, professional, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management of which (B) at least two (2) years must have been in a project management, supervisory or managerial capacity or (C) any equivalent combination of the required experience and substitutions below.



I. A certificate in a relevant or related field may be substituted for one (1) year of the required (A) experience.

II. A Bachelor's degree in a related field may be substituted for two (2) years of the required (A) experience.

III. A Graduate degree in a related field may be substituted for three (3) years of the required (A) experience.

IV. A Doctorate degree in a related field may be substituted for four (4) years of the required (A) experience.


Comprehensive Benefits:

When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.

Want the specifics? Explore our Employee Benefits and Rewards! at


An Equal Opportunity / Affirmative Action Employer.  Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.


The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law.  Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements.  We encourage individuals who believe they have the skills necessary to thrive to apply for this role.


Official Title: Administrator VII

Functional Title: Chief Information Security Officer

Primary Location: United States-Massachusetts-Boston-100 Cambridge Street

Job: Information Systems and Technology

Agency: Executive Office of Housing and Livable Communities

Schedule: Full-time

Shift: Day

Job Posting: Mar 11, 2024, 1:56:55 PM

Number of Openings: 1

Salary: $95,982.38 - $148,039.17 Yearly

Bargaining Unit: M99-Managers (EXE)

Confidential: No

Potentially Eligible for a Hybrid Work Schedule: Yes


If you have Diversity, Affirmative Action or Equal Employment Opportunity questions or need a Reasonable Accommodation, please contact Diversity Officer / ADA Coordinator: Jessica Molina - 8572480160