Job Description

JOB SUMMARY

As Director of Cyber Security at the Massachusetts State Lottery Commission, you will be responsible for crafting and executing our enterprise-wide cyber security strategy, overseeing a team of security professionals, and ensuring the ongoing resilience of our information security posture. You will be a trusted advisor to senior management, effectively communicating the evolving cyber threat landscape and collaborating across departments to integrate security best practices into all operations.

ESSENTIAL FUNCTIONS

• Architect and Champion Security Strategy: Define and champion a comprehensive cyber security strategy aligned with corporate objectives, industry best practices, and regulatory requirements.
• Lead Security Program Execution: Oversee the implementation and continuous improvement of the security framework, technical guidelines, and information risk mitigation efforts across the entire organization.
• Executive Management Communication: Regularly communicate the status, effectiveness, and strategic roadmap of the cyber security program to executive management.
• Technical Expertise and Collaboration: Act as a subject matter expert on cyber security, collaborating and liaising with information technology departments to ensure alignment and integration.
• Threat Awareness and Translation: Synthesize and communicate the latest security trends and issues in a clear and actionable way, translating the impact to corporate relevance.
• Compliance and Regulatory Engagement: Confidently communicate with auditors and regulators on cyber security topics, ensuring compliance and demonstrating a proactive security posture.
• Resource Management and Advocacy: Proactively communicate resource constraints and capability gaps to the CTO, advocating necessary investments in cyber security solutions.
• Departmental Leadership: Establish departmental priorities, roadmaps, and provide daily operational tasks ensuring comprehensive coverage.
• Budget and Procurement Management: Manage new and recurring departmental procurements within an allocated budget.
• Third-Party Security: Represent and advocate for the Lottery's security interests when engaging with vendors and other third-party organizations.
• Vulnerability Management and Compliance: Administer vulnerability management processes, ensuring ongoing internal compliance and reporting.
• Incident Response Leadership: Lead the information security incident response process, managing all aspects of identification, containment, eradication, and remediation.
• Security Awareness and Training: Develop and administer information security and privacy training programs for all employees across the organization.
• Security Control Monitoring: Continuously monitor security controls to optimize effectiveness and maturity.

• The events of certain circumstances (i.e., State of Emergency, Lottery need, etc.) may determine this position as "essential".
• Must be able to travel to Lottery offices statewide and/or other locations, as required.

• Minimum 10 years of experience in information security leadership roles, with a proven track record of building and leading successful security programs for large organizations.
• Strong understanding of cyber security frameworks, methodologies, and best practices (e.g., NIST Cyber security Framework, CIS Controls, COBIT).
• In-depth knowledge of security architecture, network security, application security, cloud security, and information security risk management.
• Experience managing and leading a team of cyber security professionals.
• Excellent communication, collaboration, interpersonal, and negotiation skills.
• Strong analytical, problem-solving, and decision-making skills.
• Ability to think strategically, translate security risks into business context for senior management, and advocate for security investments.
• A passion for cyber security and a commitment to continuous learning.
• Bachelor's degree in Computer Science, Information Security, or a related field (Master's degree a plus).
• CISSP, CISA, CISM, or other relevant cyber security certifications highly preferred.