The powers and obligations of the Office of the Comptroller are generally dictated by M.G.L. c. 7A.

Position Summary

The Office of the Comptroller is seeking a Risk and Security Analyst position assigned to the Statewide Risk Management Team (SRMT). The position reports to the Assistant Comptroller for Risk. This position is responsible for departmental reviews to determine compliance by Commonwealth departments with internal controls, state finance law, and Comptroller regulations and policies. Additionally, this position will apply technical knowledge and skills to assess and mitigate risks related to CTR systems The ability to mine data from the Commonwealth's Enterprise systems, to analyze, report on and draw conclusions from that data are key skills of the job.

Strong analytical, communication and presentation skills, along with experience writing reports and recommendations are critical skills for the successful candidate. This position requires a self-starter with capabilities and attributes which include the following: attention to detail; superior time management and solid multitasking skills; ability to contribute and work productively as part of a team; positive attitude; capacity to remain flexible and learn new accounting, auditing and technical standards as necessary; and the ability to work well under pressure.

Specific Duties:

• Perform data analysis and risk assessments of state departments':
  • Security roles usage, compliance and access
  • Risk ratings for overall compliance with Comptroller polices, regulations and state finance law
• Provide technical assistance and advice to departments on internal controls
• Serve as lead analyst for the statewide Internal Control Certification (ICC) - formerly the Internal Control Questionnaire)
  • Participate in department ICC interviews
  • Learn application/s for developing department risk profiles
• Conduct training and retraining of Department Security Officers (DSOs)
  • Maintain updated Security Guides for MMARS and HRCMS
• Analyze technical vulnerabilities and assess the potential impact of security threats on internal controls
• Maintain knowledge and understanding of how information systems operate, including software, hardware, and networks, to effectively assess risks monitor compliance and the effectiveness of robust internal control plans.
• Support Security Team with Enterprise System(s) access requests as additional resource
• Lead the semi-annual statewide Department Security Access review and approval process
• Conduct training of Comptroller employees on the relationship of department devices (laptops, cell phones, etc.) and fraud awareness/phishing training
• Review Commonwealth departments' Internal Control Plans and provide technical assistance and advice to departments on internal controls
• Participate in Incident Responses - protecting enterprise systems, aiding departments with internal control advice, tracking tasks
• Conduct department desk reviews to determine compliance with state finance law and Comptroller policies and regulations
• Serve as administrator for banking verification application
• Assist SRMT in other areas as assigned by Team leadership (e.g. Single Audit)
• Remain current on CTR oversight policies
• All employees of CTR may be asked to engage in other assignments on an as needed basis

Bargaining Unit / Salary Range NAGE Unit 6 / Grade 14: $ 73,566.74 - $ 107,580.72

As per the Unit 6 Collective Bargaining Agreement between the Commonwealth of Massachusetts and the National Association of Government Employees the range is based upon a series of steps. Any potential offer is determined based upon an analysis of the minimum entrance requirements, the candidate's relevant work experience and educational achievement level.

Benefits Package

CTR is pleased to offer a comprehensive benefits package for its employees and managers. The specific components and eligibility may vary based upon position classification, hours worked per week and other variables. Therefore, specific benefits for this position may be discussed as part of the interview and offer process.

The overall benefits available include paid vacation, sick and personal leave time, health, dental and vision insurance through the Commonwealth's Group Insurance, and optional pre-tax Health Savings Account plans. Details of the various plans and the cost split between employer and employee may be reviewed by looking at the Group Insurance website, https://www.mass.gov/orgs/group-insurance-commission and/or as part of the interview process.

CTR employees also participate in the Commonwealth's State Retirement Plan, which may become a Defined Benefit Plan for those that both vest and subsequently retire from State service. Follow this link for additional retirement information: http://www.mass.gov/treasury/retirement/state-board-of-retire/

In addition, CTR provides employees the opportunity to elect life insurance, long term disability insurance, deferred compensation savings, tuition remission, pre-tax commuter account plans, along with other programs.

CTR Hybrid Work Model

CTR operates under a hybrid work model. Under this policy, employees are currently required to work a minimum of four business days per month (two set by management and two set by the employee) on-site at CTR's Boston office and may work remotely the remainder of the time at a location approved by their supervisor, so long as they comply with the requirements of the telework policy. Under this policy, all employees must be able to report to the Boston office with little or no notice, even including the same workday should an exigent circumstance arise. Therefore, a reasonable proximity to the office is necessary. CTR does not reimburse for employees to travel to the office.

In addition, the successful candidate may be required to work primarily on site in Boston during the initial training and orientation period and/or for certain positions a primarily on-site role may be necessary.

Commitment to Diversity

CTR is committed to building a diverse staff at all levels across its entire agency.

CTR IS AN EQUAL OPPORTUNITY/AFFIRMATIVE ACTION EMPLOYER.

Application Process

The Office of the Comptroller encourages interested candidates that meet the minimum entrance requirements and qualifications to apply for this position.

Interested candidates must submit their materials electronically, by E-mail no later than 5:00 pm, on October 7, 2024.

Submissions should include the following:

• a cover letter; and

• resume.

Candidates chosen to advance to a second-round interview will also be required to submit:

• three business writing samples; and

• three professional references.

Please include position title and posting number (FY25-007) in the subject line of your submission. Your application package should be submitted to:

CTR-HR@mass.gov

Late submissions may be considered solely at the discretion of CTR.

Required Background Check - Including Tax Compliance:

CTR requires a background check on all prospective employees as a condition of employment.

Candidates should know that the background check is not initiated until:

1. A candidate is invited to a second or subsequent interview and

2. The candidate has signed the Background Check Authorization Form and related releases.

This background check includes a Criminal Offender Record Information (CORI) check, and Commonwealth Department of Revenue state tax compliance on all prospective employees as a condition of their employment.

Candidates with advanced degrees and professional licenses may have these credentials verified.

Individuals other than those references provided by a candidate may be contacted in the course of completing a full background and qualification check.

Further Information:

Please visit https://www.macomptroller.org for more information about the Office of the Comptroller.

Qualifications

P r e f erred Q u a li f i c a t io n s

• Demonstrated experience in one or more of the following: business analysis or operations, data analytics, security, internal controls, compliance

• Ability to analyze and critique business processes and evaluate the effectiveness of internal controls

• Experience with data analytics and/or visualization tools

• Knowledge of the principles and practices of risk management, internal controls, and fraud detection/prevention

• Experienced user of MMARS, HRCMS, and CIW

• Experience implementing Comptroller's Internal Control Guide, ERM principles and Fraud Prevention tools in a Commonwealth Agency

• Ability to travel with i n the G rea t e r B o st o n are a a nd acr oss the C ommonw ea l t h of M a ss ac hu s e t t s m a y be re qui r e d fr om time to ti m e

Required Qualifications

• Abili t y to w o rk both ind e p e nd e nt l y a nd in a t e a m s e t t i n g

• Proficiency in assessing the impact of regulations and legislation on business functions

• Ability to perform accurate and timely research

• Skilled in the presentation of information through data analysis and interpretation

• Provide solid and informed advice and recommendations

• Ability to develop relationships with the operational and management teams at external agencies, partners or clients including with colleagues within the various Business Units of a complex organization

• Proficiency with Microsoft Office 365 tools

M i n i m u m En t r a n c e R eq u i re m e n t s

Applicants must have at least (A) four years of full-time, or equivalent part-time, professional experience in electronic data processing of which (B) at least two years must have been in work in which the

major duties included computer systems analysis, or (C) any equivalent combination of the required experience and the substitutions below.

SUBSTITUTIONS:

I. An Associate's degree with a major in the field of data processing or computer programming may be substituted for a maximum of one year of the required (A) experience.

II. A Bachelor's degree with a major in the field of data processing or computer and/or information

science may be substituted for a maximum of two years of the required (A) experience.

III. A Graduate degree with a major in the field of data processing or computer and/or information

science may be substituted for a maximum of two years of the required (A) experience.

IV. A diploma for completion of a two year full-time, or equivalent part-time, program in a recognized non-degree granting business or vocational/technical school above the high school level with a major in the field of computer programming may be substituted for a maximum of one year of the required (A) experience.

V. An official transcript from a recognized business or vocational/ technical school as evidence of completion of a program consisting of at least 650 hours of instruction in the field of computer programming may be substituted for a maximum of one year of the required experience.

VI. Graduation from the data processing course of a recognized vocational/technical high school may be substituted for a maximum of one year of the required experience.

*Education toward such a degree or diploma will be prorated on the basis of the proportion of the requirements actually completed.

NOTE: No substitution will be allowed for more than two years of the required (A) experience.

NOTE: No substitution will be allowed for the three years of the required (B) experience.