Join us to hear from remarkable Latinas who have overcome unique hurdles to achieve success in their careers.
09/11/2024
4:00pm - 5:30pm
PwC
The Fierce Urgency of Now Festival brings Boston’s diverse young professionals together with business leaders, organizations, and their peers to build connection, advance careers and ignite positive change.
09/14/2024 -
09/17/2024
Suffolk University
Join us to hear from experts on the evolving ecosystem of data and targeting, revealing answers to pressing questions in the industry.
09/24/2024
5:30pm - 7:30pm
Wayfair
Go deeper than basic DEI training to achieve higher productivity, satisfaction, and revenue growth with our new corporate workshop.
Join our Transformational DEI Certificate! Our comprehensive learning & development offerings are designed to connect and grow strong leaders who lead both inside and out of the office.
Our Women’s Leadership Program enables you to take your leadership to the next level by arming you with the most in-demand leadership toolkit.
Our Boston’s Future Leaders (BFL) program provides emerging leaders with a socially conscious and civically engaged leadership toolkit, as well as the opportunity to apply their knowledge through experiential assignments.
City Awake empowers young professionals in a variety of ways that encourages these rising leaders to stay invested in the region’s future success.
We are developing an ecosystem of corporations and partners with the influence and buying power to transform economic inclusion for minority business enterprises (MBEs).
BIMA (the Boston Interactive Media Association) serves a vibrant community of like-minded professionals from agencies, brands, publishers, and ad-tech companies with business interests in the New England market.
For 30 years, the Chamber’s Women’s Network has connected female professionals of all background and career levels. Today, our Women’s Network is the largest in New England, strengthening the professional networks of women each year.
The Massachusetts Apprentice Network convenes employers, training providers, and talent sources interested in developing and implementing apprenticeship programs in occupations across industries and statewide in fields such as tech, advanced manufacturing, healthcare, financial services, and more.
We support small business through public policy initiatives, events designed to connect small businesses in Greater Boston to their peers and established business leaders, professional development offerings, and free small business advising.
Explore our mission and values to better understand how we are leading the business community forward.
Our member directory is your resource to discover, connect, and engage with Boston’s businesses from every industry and sector.
The Massachusetts Gaming Commission (“MGC”) seeks an Information Security and Privacy Analyst reporting to the Information and Network Security Manager to establish, review and maintain the full range of information technology policy and oversight programs for MGC in accordance with applicable laws and regulations. This includes, but is not limited to, formulating information technology policies designed to oversee the gaming industry’s responsibilities to identify, assess and remediate Technology, Data, and Cybersecurity Risk relating to licensed gaming activities in Massachusetts.
The role requires strategic vision and the ability to influence change and communicate a coherent understanding of how to efficiently and effectively oversee the security and data protection practices of MGC licensees. This position must develop a staffing plan to review 3rd party security audits of MGC licensees and ensure that licensees address and document risk areas identified in audit reports. Critical aspects of the work involve providing expert advice and guidance on the capabilities and limitations of IT security oversight for MGC licensees. Providing expertise and leadership in ensuring MGC licensees understand the regulatory requirements relating to security, privacy, and compliance responsibilities. All duties are to be performed in accordance with MGC policies, practices, and procedures.
Duties and responsibilities include, but are not limited to, the following:
Plan, organize, and direct the analysis, design, development, implementation, and operation of information security and data protection requirements for MGC licensees.
Consult with ITS senior staff, operational experts, industry technical compliance, information security staff, and third-party security experts to determine information systems risk control requirements and the operational and oversight controls needed to verify compliance with the requirements.
Provide guidance and assistance to staff on resource capabilities relative to the risk control framework for information security and data protection practices of MGC licensees.
Research operational requirements related to information and data security risk control measures used in the gaming industry and develop performance metrics to evaluate the effectiveness of similar MGC requirements for its licensees.
Establish and maintain communication with peer gaming regulatory staff responsible for information and data security and leverage resources to promote efficiency and more effective oversight of common licensees.
Oversee internal and external information security awareness training and educational activities relating to MGC’s oversight of the gaming industry.
Review and recommend amendments to statutes and administrative rules that pertain to gaming industry information and data protection security.
Continuously review and update information security and investigations procedures to ensure compliance with all regulated and unregulated standards pertaining to the responsible operation of licensed gaming activities in Massachusetts.
Develop a plan for information security and data protection initiatives and create cost estimates, work plans, and timelines for MGC oversight and industry compliance education efforts.
Research new technologies to enhance MGC’s information security and data protection risk control programs.
Monitor overall operational efficiency and initiates projects to improve performance.
Create minimum standards for information security professionals used by MGC licensees and create a certification program for such professional service providers.
Develop metrics to evaluate services provided by certified professional service providers of network security auditors and otherwise develop oversight procedures for third-party risk control professionals involved in performing compliance work related to MGC information security and data protection requirements.
Provide consultative guidance and direction to leadership on the utilization and capabilities of the MGC’s information security and data protection oversight activities.
Maintain awareness of potential cyber-attack technologies, methods, and signatures.
Direct the training of subordinate staff to ensure they are kept up to date with changes in information security and data protection. Prepares progress reports to inform management of project developments and deviations from objectives; consults with specialist or technical personnel to solve complex problems.
Possess a working knowledge of all MGC Regulations, policies, and procedures.
Ensure that the objectives under the Information Security Department align with applicable laws, regulations, policies, and MGC’s code of ethics.
Other projects assigned by the Chief Information Officer.
Our Benefits: Hybrid work environment; MA State Retirement Plan (Pension); a 9000 sq. foot on-site Fitness Center; Tuition Remission for yourself and your spouse to MA Community Colleges and State Universities; Medical, Dental, Vision, Life, and Disability insurance; 12 paid Holidays; Deferred Compensation 457(b) Plan; Flex Spending for Healthcare, Daycare, and Transportation; Three weeks’ Vacation to start , three Personal Days and 15 Sick Days per year; Health Insurance Buy-out option; convenient Downtown Boston location.
Required Education and Experience:
Bachelor’s degree from an accredited college or university in Computer and Information Science, Computer Engineering, Computer Systems Analysis, Information Cybersecurity and five (5) years of progressive information security experience across various information security/information technology risk management domains such as but not limited to application security, infrastructure security, identity, and access management, vulnerability and cyber threat management, security architecture, etc.
Substitutions:
Additional appropriate experience in progressive information security/information technology risk management substitutes for the degree requirement on a year-for-year basis.
Additional appropriate education in Master’s Degree or Doctorate substitute for the required experience on a year-for-year basis.
Required Skills & Abilities:
Security certifications, e.g., CISSP, CISA, CISM, CCSP.
Previous knowledge and experience in designing and architecting information technology and security controls across complex and diverse networks, applications, and infrastructures are strongly preferred.
Technical aptitude, critical thinking skills, and the ability to think outside the box.
Demonstrated ability to solve complex information security problems, observe security risks and weaknesses, and provide security recommendations to the respective project and delivery teams.
Ability to translate technical risk issues to business leaders and upper management. Excellent verbal, written, and interpersonal communication skills.
Detail-oriented and value teamwork.
Knowledge of the Massachusetts gaming statutes and regulations.
Ability to resolve problems as they arise and handle situations expediently.
Must be able to work a flexible schedule according to business needs, including evenings, weekends, and holidays.
Preferred Skills & Abilities:
The following preferred experience(s), competencies, and abilities are highly desirable for this position and will be considered in selecting the successful candidate:
Applicants with progressive gaming industry information security experience are strongly encouraged to apply.
Demonstrated experience as a supervisor of a unit with at least two employees.
In-depth knowledge and experience working with common regulatory framework applications related to data security, including HIPAA, HITRUST, - General Data Protection Regulation (GDPR), National Institute of Standards & Technology (NIST) standards, Payment Card Industry Data Security Standard (PCI), and similar constructs are highly desired.
Demonstrated experience in the evaluation, selection, and decision-making as it relates to gaming security controls.
Salary is commensurate with experience.
The successful candidate will be required to pass an extensive background check that includes a full credit check, CORI, drug screen, review of income tax standing with the IRS and DOR, and fingerprinting.
The Massachusetts Gaming Commission is responsible for the implementation of the expanded gaming law (Chapter 194 of the Acts of 2011). Under the law, the Commission is tasked with establishing a regulatory framework for the solicitation, licensing, taxation, and oversight of a maximum of three casino licenses and one slots parlor license in Massachusetts.
It is the policy of the Massachusetts Gaming Commission and the Commonwealth of Massachusetts to afford equal employment opportunities to all qualified individuals, without regard to their race, color, ancestry, religion, sex, sexual orientation, national origin, age, physical or mental disability, citizenship status, veteran status, gender identity or expression, or any other characteristic or status that is protected by federal, state, or local law.
Popular Resources