Chelsea, Massachusetts, United States
13 hours ago
Governance, Risk, and Compliance (GRC) Analyst

Agency Overview

The Department of Revenue's core mission is to collect the revenues required to support the business of the Commonwealth, to make a difference in the lives of children by enforcing the financial responsibilities of parenthood, and to assist Massachusetts cities and towns in sound efficient fiscal management.

Unit Overview

The role of the Internal Audit and Risk Management team is to foster the efficient achievement of the mission and goals of the agency. The unit partners with managers and business process owners to manage risks, identify operational improvements, strengthen controls, safeguard data and other key resources, and foster compliance with laws, regulations, and policies.

Position Summary

The Governance, Risk, and Compliance (GRC) Analyst partners with business and technology owners to facilitate, align, and integrate internal controls and risk management practices across the agency to foster the achievement of the agency’s mission and strategic initiatives.

The GRC Analyst is responsible for assisting in the implementation and continued assessment of the Enterprise Risk Management Program for the agency. As a high-level subject matter expert in governance and risk, this position will apply technical knowledge and skills to assess and mitigate risks related to DOR systems, operations and processes. The ability to compile data from Enterprise Risk Management documentation, to analyze, report on and draw conclusions from that data is a key skill of the job.

Core Responsibilities

Governance
• Manage and evaluate projects related to the business, technology, and information risks, issues, and opportunities
• Communicate, in a timely manner, risks, issues, and opportunities that could affect the agency's mission
• Collaborate with business management and risk liaisons on GRC-related matters; provide functional direction as needed
• Apply standards, frameworks, and best practices from industry-recognized sources (e.g., National Institute of Standards and Technology (NIST), Information Systems Audit and Control Association (ISACA), Committee of Sponsoring Organizations of the Treadway Commission (COSO))

Risk
• Administer DOR's Enterprise Risk Management (ERM) process
• Evaluate DOR's risk and control frameworks
• Monitor and maintain the Vendor Risk Management project
• Collaborate with risk owners on identifying, assessing, and mitigating risks and control weaknesses

Compliance
• Monitor, test, and report on compliance with laws, regulations, Executive Orders, directives, policies, procedures, contracts, and corrective action plans (CAPs)
• Review compliance with privacy and information safeguarding requirements
• Maintain an inventory of mandated reporting and monitor for compliance

Preferred Qualifications

• Strong business acumen.
• Strong written and verbal communication skills, with a proven ability to articulate security and risk to all levels of the business.
• Experience in project management, auditing, and risk management techniques.
• Experience and understanding of compliance with regulatory requirements and laws, including but not limited to NIST, PCI, ISO 27001/2, or IRS Publication 1075.
• Ability to work cooperatively with others and be part of a team.
• Ability to foster a culture of diversity, respect, and inclusion.

An external candidate recommended for a position with the Department of Revenue will be subject to a background check that includes checks for: state and federal tax compliance; child support compliance; education verification; Massachusetts CORI checks; criminal background checks in state(s) of current and previous residence/employment; validation of eligibility to work in the United States; and national fingerprint-based criminal background checks.

As part of the Future of Work Initiative, the agency has adopted a hybrid work model. Hybrid work is a mix of in-office work and telework. This position will work remotely some days and in-person on other days.

MINIMUM ENTRANCE REQUIREMENTS:

Applicants must have at least (A) four (4) years of full-time, or equivalent part-time, professional, professional internship, administrative, supervisory, or managerial experience in business administration, business management, public administration, public management, clinical administration or clinical management, or (B) any equivalent combination of the required experience and the substitutions below.

Substitutions:

I. A certificate in a relevant or related field may be substituted for one (1) year of the required experience.

II. An Associate's degree in a related field may be substituted for one (1) year of the required experience.

III. A Bachelor's degree in a related field may be substituted for two (2) years of the required experience.

IV. A Graduate degree in a related field may be substituted for three (3) years of the required experience.

V. A Doctorate degree in a related field may be substituted for the required experience.

Comprehensive Benefits

When you embark on a career with the Commonwealth, you are offered an outstanding suite of employee benefits that add to the overall value of your compensation package. We take pride in providing a work experience that supports you, your loved ones, and your future.

Want the specifics? Explore our Employee Benefits and Rewards

An Equal Opportunity / Affirmative Action Employer. Females, minorities, veterans, and persons with disabilities are strongly encouraged to apply.

The Commonwealth is an Equal Opportunity Employer and does not discriminate on the basis of race, religion, color, sex, gender identity or expression, sexual orientation, age, disability, national origin, veteran status, or any other basis covered by appropriate law. Research suggests that qualified women, Black, Indigenous, and Persons of Color (BIPOC) may self-select out of opportunities if they don't meet 100% of the job requirements. We encourage individuals who believe they have the skills necessary to thrive to apply for this role.
