DEPUTY CHIEF INFORMATION SECURITY OFFICER (0933) - ...

u00a0 + Application Opening - January 16,u00a02026. + Application Deadline - Interested candidates are encouraged to apply as soon as possible, as this job announcement will close at any time, but not earlier than 11:59PM PST,u00a0Friday, February 6, 2026. Are you ready to make an impact in one of the most innovative cities? The Department of Technology (DT) is looking for passionate IT professionals to help shape the future of technology in San Francisco As the centralized technology services provider for the City and County of San Francisco (CCSF), DT delivers critical infrastructure and services to over 33,000 employeesu2014supporting public safety, municipal broadband, cybersecurity, cloud solutions, and more With a $140M+ annual budget and a team of 300+ experts, DT is leading the charge in digital transformation. DT provides services through our core areas of IT Excellence:u00a0u00a0 + IT Project Management Officeu00a0 + Enterprise Application Servicesu00a0 + Cloud Center of Excellenceu00a0 + IT Operations and Support including the Service Desk and NOCu00a0 + City Infrastructure including the Network, Telcom and Data Centersu00a0 + Office of Cybersecurity including Cyber Defense, Identity Management and Disaster Recoveryu00a0 + Public Safety Systems and Municipal Broadband Fiberu00a0 + SFGovTV Broadcasting Servicesu00a0 + IT Finance and Administration Servicesu00a0 + Emerging Technologiesu00a0 Why Join Us?u00a0u00a0Innovative & Impactful Work At DT, you wonu2019t just work on ITu2014youu2019ll power a city. Your expertise will directly impact the residents of San Francisco, from closing the digital divide to ensuring secure, efficient city operations.u00a0 Benefits of Working for CCSF: In addition to challenging and rewarding work, the City provides a generous suite of benefits to its employees.u00a0 + Competitive pay, benefits, and retirement optionsu00a0 + Career growth opportunities through training, internal mobility, and subsidized educationu00a0 + Diverse work environment in a diverse cityu00a0 Join the team thatu2019s shaping the future of technology in San Francisco. Apply today and be part of a dynamic, innovative, and mission-driven ITu00a0teamu00a0u00a0 The City and County of San Francisco's Department of Technology (DT), Office of Cybersecurity, is seeking a Deputy Chief Information Security Officer (Deputy CISO) to support the City's Chief Information Security Officer (CISO) in leading the development, implementation, and management of the Citywide Cybersecurity Program. This executive-level position is responsible for guiding risk management, governance, and cybersecurity operations in alignment with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and City policies.u00a0 The Deputy CISO will also:u00a0 + Oversee the day-to-day operations of the Cyber Defense division, including cyber detection, monitoring, incident response, and investigation. + Supportu00a0monitoring and optimizing DT's organizational structure, staffing, and service levels, ensuring effective cybersecurity practices across the City and County. + Take strategic leadership role requiring deep cybersecurity expertise, experience managing complex organizational dynamics, and a demonstrated ability to lead large-scale technical initiatives in the public sector. + u00a0Assist the City CISO with financial and strategic planning for the Office of Cybersecurity, and help coordinate communications with City staff, Departmental Information Security Officers, and external partners at the state and federal levels. + Playu00a0a critical leadership role in advancing the City and County of San Francisco's cybersecurity posture, supporting the Chief Information Security Officer (CISO) in defining and executing the City's cybersecurity strategy and roadmap. + Serves as acting CISO when required and ensures alignment of City cybersecurity policies, standards, and practices with compliance frameworks such as NIST CSF, HIPAA, and PCI-DSS. + Leads the Cyber Defense Division, overseeing staff responsible for 24/7 cyber incident response, security data analytics, and detection and response solutions. This includes managing complex, multi-year deployments of cybersecurity monitoring technologies across more than 50 City departments, and creating Citywide cyber incident response procedures and standards. + Guideu00a0the development and implementation of multi-year cybersecurity programs that strengthen operational resilience. + Be responsible for office-wide coordination across cybersecurity functionsu2014overseeing internal procedures, standards, budget development, vendor procurements, and strategic staffing activities including recruitment, hiring, performance evaluation, and staff development. + Partneru00a0with executive leadership, department heads, and external agencies to advance cybersecurity objectives Citywide and coordinateu00a0communication across departments and with the public to raise cybersecurity awareness, including outreach related to cyber scams. + Serves as a liaison with key federal and regional partners such as the FBI and the Northern California Regional Intelligence Center (NCRIC), and tracks and reports key cybersecurity performance and risk metrics to City leadership. Baccalaureate degree in computer science, cybersecurity, risk management or a closely related field from an accredited college or university ANDu00a0 u00a0 u00a0u00a0 At least seven (7) years of experience working in risk management and information security in au00a0 multi-department organization of which 3 years must include experience supervising professionals. Additional experience in information technology may substitute for the Bachelor's degree on a year-for -year basis (e.g., four (4) additional years of experience can substitute for a bachelor's degree, two (2) to three (3) years of additional experience along with an Associate's degree (AA) or equivalent may substitute for the bachelor's degree). Desirable Qualifications + Strong leadership abilities managing and guiding diverse, multidisciplinary teams; fostering collaboration, accountability, and high performance while driving measurable results. + Strategic thinker with proven ability to develop and execute long-term cybersecurity and technology plans aligned with organizational mission, risk tolerance, and operational priorities. + Track record of optimizing operational processes, improving efficiency, and managing complex, cross-functional initiatives with a focus on continuous improvement and risk reduction. + Deep experience in enterprise cybersecurity programs, including governance, risk management, policy development, and security operations in highly regulated, complex environments. + Proficient in cybersecurity frameworks and standards (e.g., NIST CSF 2.0, NIST 800-53, ISO 27001) with the ability to apply them pragmatically across diverse departments. + Skilled at translating cybersecurity and technology risk into clear business and operational impacts for executive leadership, enabling informed decision-making. + Demonstrated ability to lead incident response and resilience efforts, coordinating across technical teams, executives, legal, privacy, and communications during high-pressure situations. + Excellent communication skills, both verbal and written, to effectively convey complex technical concepts to non-technical stakeholders, brief senior leadership, and build trusted relationships with internal and external partners. + Experience working in highly governed or regulated environments, with strong understanding of audit, compliance, privacy, and public-sector accountability requirements. + Commitment to talent development through mentorship, coaching, and workforce planning, fostering inclusive, high-performing teams and long-term organizational capability. + Ability to leverage technology for competitive advantage and growth, aligning innovation with departmental and organizational objectives. u2022 Highly desirable certifications may include the following (or a recognized professionally accepted equivalent):u00a0 + International System Security Certification Consortium (ISC2) Certificationu00a0 + Certified Information Systems Security Professional (CISSP)u00a0 + Information Systems Audit and Control Association (ISACA) Certificationu00a0 + Certified in Risk and Information Systems Control (CRISC) Verification:u00a0Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employeru2019s official letterhead, specifying name of employee, dates of employment, types of employment (part-time/full-time), job title(s), description of duties performed, and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employeeu2019s class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income, earnings, business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at Note:u00a0Falsifying oneu2019s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco. Applicants must meet the minimum qualification requirement by the final application deadline unless otherwise noted.u00a0 Permanent Exempt (PEX), Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is twelve (12) months and will not result in an eligible list or permanent civil service hiring.u00a0Project-based positions cannot be ongoing or exceed 36 months Work Location Incumbent will conduct the majority of work at the Department of Technology,u00a0(1 South Van Ness, San Francisco, CA 94103).u00a0 However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary. Nature of Work Incumbent must be willing to work 40 hours a week in the office or field Monday - Friday.u00a0 Travel within San Francisco will be required. Applicants are encouraged tou00a0applyu00a0immediately as this recruitment may close at any time, but not before February 6, 2026. + Your application MUST include a resume.u00a0 To upload, please attach using the

Created: 2026-01-19