- Perform cyber risk assessments against City cybersecurity requirements
- Conduct Vendor Risk Assessments to assess security posture of vendors
- Support the cyber awareness training and education program, including phishing simulations
- Track and monitor risk mitigation plans
- Develop routine reports in accordance with GRC metric.
- Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards
- Conduct technical research to aid in threat assessment or risk mitigation activities
- Perform assessments of adherence to standards
- Perform review of policies and supporting procedures/processes
- Stay on top of changes in the industry as it relates to security
Job Type:This Permanent Exempt - Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring.
Nature of Work:
Incumbent must be willing to work a 40-hour week as determined by the department. Travel within San Francisco may be required.
The incumbent must be a resident of the State of California or be willing to relocate within 4 weeks of beginning employment with the City and County of San Francisco.
Work Location:
Incumbent will conduct the majority of work at the Department of Technology, (1 S Van Ness, Ave San Francisco, CA However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary.
This position does not support fully remote work. Employees may be permitted to work a hybrid schedule with supervisor approval, after which they must work at least two days in the office every two weeks.
Qualifications:
QualificationsEducation:
An associate degree in business administration, public administration, information systems, economics, finance, computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field].
Experience:
One (1) year in the information systems field, including technical support, content management, administration of network applications or system analysis.
License and Certification:
Substitution:
Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.
Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.
Desired Qualifications:
- Comfortable with quantitative risk management, Factor Analysis of Information Risk (FAIR).
- Familiar with GRC platforms (i.e. SNOW, LogicGate, OneTrust, etc).
- Possess security certifications (i.e. Security+, CISA, CISM, CRISC, etc).
- Preferred skills in SharePoint and reporting services
- Familiar with Privacy concepts.
- 1-2 years working in a cyber Governance, Risk and Compliance type role
- Risk Analytics experience within IT
- Familiar with cybersecurity frameworks (NIST CSF/RMF, NIST 800-53, FedRAMP, etc.
- Familiar with security standards (i.e. HIPAA, PCI-DSS, etc).
- Familiar with vendor risk management assessments (i.e. SOC2, CAIQ, etc)
- Comfortable having a technical discussion
- Proficient in Excel or similar
- Ability to define and communicate risk in business-relevant language
- Excellent verbal and written communication skills
- Ability to communicate IT risk concepts to non-technical people
Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.
Note:- Security Clearances & Background Investigations: Criminal Justice Information Services (CJIS) Security Clearance may be required. Positions in this classification may require that successful candidates who become eligible for appointment may be required to go through a background investigation to determine the candidate's suitability for employment in this classification. Factors considered in the investigation may include employment history, use of illegal/controlled substances. Reasons for rejection based on this investigation may include, but not limited to applicable convictions, repeated or serious violations of the law, inability to accept supervision, inability to follow rules and regulations, falsification of application materials and/or other relevant factors. Failure to obtain and maintain security clearance may be basis for termination.
Verification: Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employer's official letterhead, specifying name of employee, dates of employment, types of employment (part-time/full-time), job title(s), description of duties performed, and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employee's class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income, earnings, business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at
Note: Falsifying one's education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.
Additional Information
Compensation: $106,470 - $133,926 (annually) / $ $ hourly)
_ How to Apply_
- Application Deadline: This position is open until filled.
- Your application MUST include a resume. To upload, please attach using the "additional attachments" function.
- In additional to submitting your application, you MUST submit this supplemental questionnaire:
You may contact Carol Wong via email at with questions regarding this opportunity.
Late or incomplete submissions will not be considered. Mailed, hand delivered or faxed documents/applications will not be accepted.
_ Helpful Information_
- Information About the Hiring Process
- Conviction History
- Employee Benefits Overview
- Equal Employment Opportunity
- Disaster Service Worker
- ADA Accommodation
- Veterans Preference
- Right to Work
- Copies of Application Documents
- Diversity Statement
Right to Work:
All persons entering the City and County of San Francisco workforce are required to provide verification of authorization to work in the United States.
The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.
- Comfortable with quantitative risk management, Factor Analysis of Information Risk (FAIR).
-
City & County of San Francisco (CA) San Francisco, United StatesThis announcement has been updated to adjust the Company Description. · Why Work for the Department of Technology (DT)? DT is the centralized technology services provider in the City and County of San Francisco (CCSF). We deliver technology infrastructure and services to approxim ...
-
New York Foundation for the Arts San Francisco, CA, United StatesAn incredibly creative and cutting-edge music program. As an essential member of the TAC Ops team, you will help to support our growing department and help to create an outstanding experience for students, faculty and fellow staff. You will play a crucial role in supporting the E ...
-
New York Foundation for the Arts San Francisco, CA, United StatesWelcome to TAC An incredibly creative and cutting-edge music program. We are seeking a highly organized and detail-oriented individual to join our team as a department manager. As an essential member of the TAC Ops team, you will help to support our growing department and help to ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · The Department of Technology (DT) is looking for a System Integration Developer responsible for performing all aspects of the design, development, integration, installation, maintenance, and support of the JUSTIS API. The Developer will perform these functions f ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · ABOUT TEAM: · The Department of Technology's Public Safety division operates and maintains several critical systems such as 911 Radio, Fiber, Emergency Alert, crime prevention camera, burglar alarm, fire alarm call box, PBX's, VoIP phones and other in-building w ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · Position: · Under supervision, performs semi-skilled and labor-based line work in the maintenance, repair, and installation of communication cables and infrastructure for the City's fiber network. Work may also include installation of copper wiring, Category 5/6 ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · Under direct supervision of Principal Network Engineer, the Journey Network Engineer will perform, support and assist in the LAN Remediation projects and Departmental Moves. The incumbent will provide functional guidance to Seniors Network Engineers and other me ...
-
Phoenix Innovations Benicia, United StatesAn employee (m/f/d) is being sought for the Department of Building Technology in the Benicia office of Mittelangeln at the earliest possible date. · The building department plans, accompanies and is responsible for the construction projects of our approximately 40 properties of t ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · Under supervision, performs difficult and complex professional level installation and repair duties in a variety of functional areas, such as: the installation, calibration, maintenance, testing, troubleshooting, repair, and modification of electronic equipment; ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · ABOUT TEAM: · The Department of Technology's Public Safety division operates and maintains several critical systems such as 911 Radio, Fiber, Emergency Alert, crime prevention camera, burglar alarm, fire alarm call box, PBX's, VoIP phones and other in-building w ...
-
City and County of San Francisco San Francisco, United States Full timeJob Description · Position: · The Public Safety Division at DT is an overhead and underground construction shop who maintains critical systems and infrastructure throughout San Francisco such as Police and Fire Emergency communications, Municipal Fire Alarm System and 800 megaher ...
-
Access Technology Specialist
1 week ago
LightHouse for the Blind and Visually Impaired San Francisco, United States**POSITION**:Access Technology Specialist · **REPORTS TO**:Director of Access Technology · **STATUS**: Full-Time, Exempt · **JOB CLASSIFICATION**:Specialist II · **UNION ELIGIBLE**:Yes · **WORK ARRANGEMENT**: Hybrid (3 days/week in office) · **LOCATION**: San Francisco, Californi ...
-
Division of Medical Physics
1 week ago
UC San Francisco Academic San Francisco, United States**Application Window**: · **Open date**:April 23, 2024 · **Next review date**: Thursday, May 23, 2024 at 11:59pm (Pacific Time) · **Final date**:Thursday, Oct 23, 2025 at 11:59pm (Pacific Time) · Applications will continue to be accepted until this date, but those received after ...
-
Operations Manager
3 weeks ago
Advanced Systems Group LLC San Francisco Bay Area, United States**About Us**: · Advanced Systems Group, LLC enables creativity through better technology and operations for media creatives and content owners. From acquisition to delivery, on-premises or in the cloud, ASG ensures our clients' success through tailored solutions. One of North Ame ...
-
Staff Research Associate I
2 weeks ago
University of California San Francisco San Francisco, United StatesThe Brain Tumor Center at UCSF focuses on developing new treatments for patients with malignancies of the central nervous system by · - (1) studying the mechanisms through which brain tumors develop and become resistant to treatments and · - (2) identifying novel therapeutic targ ...
-
Operations Analyst
1 week ago
University of California San Francisco San Francisco, United StatesThe **Operations Analyst** uses skills as a seasoned and experienced administrative operations professional to manage, plan and administer the operations including human resources, clinical, finance, education, facilities and technology of the Hematology-Oncology Division at Zuck ...
-
Space Information Analyst Ii
2 weeks ago
University of California San Francisco San Francisco, United StatesThe Space Information Analyst at UCSF is a member of the Space Analytics team, dedicated to ensuring the accuracy, completeness, and utility of spatial data across campus buildings, floors, and rooms. This role involves conducting detailed site surveys to validate and update spat ...
-
Tech Concierge
1 week ago
Coterie Senior Living - Cathedral Hill San Francisco, United StatesOverview: · Born out of a partnership between Atria Senior Living and Related Companies, Coterie is a new luxury brand that re-imagines what senior living can be. · From stunning architecture and thoughtful design to state-of-the-art fitness facilities and curated culinary offeri ...
-
Customer Support Strategy
3 weeks ago
Okta San Francisco, United States**Get to know Okta** · Okta is The World's Identity Company. We free everyone to safely use any technology—anywhere, on any device or app. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move ...
-
Quality Assurance
3 weeks ago
University of California San Francisco San Francisco, United StatesThe Quality Assurance (QA) Manager will oversee the activity of the quality assurance department and staff, developing, implementing, and maintaining a system of quality and reliability testing for the organization's products and/or development processes. QA deliverables and mana ...
Cybersecurity Risk Assessment Analyst Department of Technology 1052 - San Francisco, United States - City and County of San Francisco
Description
Job Description
The Office of Cybersecurity was established in 2022 by the Board of Supervisors at the best of Mayor London Breed as a Citywide Office located within the Department of Technology. We create citywide policies, act as a front line against cyber attacks, and help other departments be resilient to cyber-threats. Our work makes sure City services and what San Francisco does for you is cybersafe
The Technology Risk and Resilience Team within DT's Office of Cybersecurity is excited to hire a Cybersecurity Risk Assessment Analyst. The Cybersecurity Risk Assessment Analyst will support a critical function of the Office of Cybersecurity that is directly responsible for reducing risks posed to the City. The Analyst will be tasked with the important role of identifying, assessing, controlling, and monitoring risks through the Citywide enterprise. They will gain firsthand experience supporting and maturing a Governance, Risk and Compliance program.
Essential Duties: