The Executive Office of Technology Services and Security (EOTSS)is the state’s leading office for information technology. We provide enterprise level information technology services including network management and security; computer operations; application hosting; desktop provisioning and management; and modern and responsive digital services to 40,000 internal stakeholders plus the residents, business owners and visitors to the Commonwealth of Massachusetts. EOTSS is seeking to hire aVulnerability Management Program (VMP) Managerto join theEOTSS Security Operations Vulnerability Management Team.The Vulnerability Management Program Manager will be primarily responsible in assisting the Director of Security Operations in managing and reporting on team activities and projects that support internal and external vulnerability scanning, perimeter assessments, and timely vulnerability remediation for the Executive Office of Technology Services and Security. The Vulnerability Management Program Manager will be responsible for contributing to the analysis, development, and implementation of standards-based vulnerability and risk management control frameworks and technologies for the Commonwealth’s Information Security infrastructure and applications. This individual will serve as a senior internal information security resource, providing guidance, leadership & security strategy, while actively managing and mentoring a team of administrators and analysts. The primary work location for this role will be200 Arlington Street Chelsea, Massachusetts 02150. The work schedule for this position isMonday thru Friday, 9AM to 5PM EST. This position would be expected to follow a hybrid model of reporting to work that combines in-office workdays and work from home days as needed (currently a 40% on prem and 60% remote work arrangement). Responsibilities: · Lead and manage a team of security analysts, fostering a culture of collaboration, continuous learning, and high performance in supporting the Vulnerability Management Program. · Promotes a candid, collaborative, and positive work environment while being accessible to team members and stakeholders. · Manage team performance by delivering valuable coaching and feedback and documenting in performance management system (EPRS). · Ensures and oversees the creation and updates to team documentation including standard operating procedures and playbooks. · Manage and optimize work intake processes to effectively complete security related work requests. · Ensures that VMP projects are managed, timelines are adhered to, deliverables are complete and documented. · Contribute to the development and institutionalization of the Commonwealth's security best practices, policies, and standards, while providing and promoting security awareness. · In collaboration with security architects and engineers, assist in the research, analysis, design, and implementation of tactical and strategic security solutions. · Supervise and actively mentor enterprise security office staff members, within own group and others as appropriate. · Support and assist in ongoing projects or specified service request deployment validation & verification. · Support the Commonwealth’s Enterprise IT Security Compliance and Assurance Program with technical assessment services. · Support and co-lead incident & problem resolution support in a timely and effective manner as necessary and/or requested. · Delegates decision making authority appropriately. · Demonstrates timely and accurate completion of financial and administrative duties. Preferred Knowledge, Skills, and Abilities: · Five (5) years of enterprise-class information technology and security vulnerability management experience with the capabilities in elevating a vulnerability program with proper reporting in place and ability to identify enhancements. · Five (5) years of relevant experience in a supervisory capacity managing small to medium sized teams in a large IT enterprise environment. · Strong hands-on experience and knowledge with Cloud Technologies: (e.g., related to Fundamentals, Security, Amazon AWS, Microsoft Azure, Google Cloud Platform). · Strong knowledge and experience evaluating, designing, testing, and supporting hardware and software-based security. · Strong knowledge and experience with information security and network communications practices and principles, technologies, and systems. · Proficient knowledge and experience with vulnerability scanning plus risk and mitigation best practices. · Ability to stay knowledgeable of cybersecurity trends and emerging threats. · Proficient knowledge and proven experience with the following skillsets: o Networking/Data Communications o Risk Management o Operating Systems (e.g., Windows/Linux) o Vulnerability management tools such as Tenable and Palo Alto Xpanse o Other Security Tool sets/categories (e.g., Firewalls, Routers/switches, Database, Web Servers, Applications); Common vulnerabilities, CVEs, and CWEs; Encryption and cipher technologies · Experience with security frameworks such as NIST (e.g., NIST 800-53) and CIS. · Demonstrated experience and success with development and promulgation of enterprise-class security policy and standards. · Demonstrated experience and success with completion of risk assessments and vulnerability assessments. · LAN/WAN operational experience, including networking, OS, web/application/Database servers, storage, hardware, firewalls, and monitoring and detection tools. · Excellent people management, communication, and customer interaction skills. · Ability to work independently, manage projects, and exercise judgement in reaching solutions. · Ability to quickly grasp how new technologies work and how they might be applied to achieve business goals. · Demonstrated ability to communicate effectively, both orally and in writing. Certification(s): · CISSP, A , Security , CEH, CISA, CRISC, or other IT security operations/vulnerability management certifications is a plus, but not required. First consideration will be given to those applicants that apply within the first 14 days. Please see Preferred Qualifications. *Comprehensive Benefits* When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future. Want the specifics? Explore our Employee Benefits and Rewards! An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply. The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role. Job: Information Systems and Technology* *Organization: Exec Office of Technology Services and Security *Title: *Vulnerability Management Program Manager Location: Massachusetts-Chelsea-200 Arlington Street Requisition ID: 23000E4T