DEPUTY CHIEF INFORMATION SECURITY OFFICER (0933) - Department of Technology

About The Position

Requirements

• Baccalaureate degree in computer science, cybersecurity, risk management or a closely related field from an accredited college or university AND At least seven (7) years of experience working in risk management and information security in a multi-department organization of which 3 years must include experience supervising professionals.
• Additional experience in information technology may substitute for the Bachelor's degree on a year-for -year basis (e.g., four (4) additional years of experience can substitute for a bachelor's degree, two (2) to three (3) years of additional experience along with an Associate's degree (AA) or equivalent may substitute for the bachelor's degree).

Nice To Haves

• Strong leadership abilities managing and guiding diverse, multidisciplinary teams; fostering collaboration, accountability, and high performance while driving measurable results.
• Strategic thinker with proven ability to develop and execute long-term cybersecurity and technology plans aligned with organizational mission, risk tolerance, and operational priorities.
• Track record of optimizing operational processes , improving efficiency, and managing complex, cross-functional initiatives with a focus on continuous improvement and risk reduction.
• Deep experience in enterprise cybersecurity programs , including governance, risk management, policy development, and security operations in highly regulated, complex environments.
• Proficient in cybersecurity frameworks and standards (e.g., NIST CSF 2.0, NIST 800-53, ISO 27001) with the ability to apply them pragmatically across diverse departments.
• Skilled at translating cybersecurity and technology risk into clear business and operational impacts for executive leadership, enabling informed decision-making.
• Demonstrated ability to lead incident response and resilience efforts , coordinating across technical teams, executives, legal, privacy, and communications during high-pressure situations.
• Excellent communication skills , both verbal and written, to effectively convey complex technical concepts to non-technical stakeholders, brief senior leadership, and build trusted relationships with internal and external partners.
• Experience working in highly governed or regulated environments , with strong understanding of audit, compliance, privacy, and public-sector accountability requirements.
• Commitment to talent development through mentorship, coaching, and workforce planning, fostering inclusive, high-performing teams and long-term organizational capability.
• Ability to leverage technology for competitive advantage and growth , aligning innovation with departmental and organizational objectives.
• International System Security Certification Consortium (ISC2) Certification
• Certified Information Systems Security Professional (CISSP)
• Information Systems Audit and Control Association (ISACA) Certification
• Certified in Risk and Information Systems Control (CRISC)

Responsibilities

• Oversee the day-to-day operations of the Cyber Defense division, including cyber detection, monitoring, incident response, and investigation.
• Support monitoring and optimizing DT's organizational structure, staffing, and service levels, ensuring effective cybersecurity practices across the City and County.
• Take strategic leadership role requiring deep cybersecurity expertise, experience managing complex organizational dynamics, and a demonstrated ability to lead large-scale technical initiatives in the public sector.
• Assist the City CISO with financial and strategic planning for the Office of Cybersecurity, and help coordinate communications with City staff, Departmental Information Security Officers, and external partners at the state and federal levels.
• Play a critical leadership role in advancing the City and County of San Francisco's cybersecurity posture, supporting the Chief Information Security Officer (CISO) in defining and executing the City's cybersecurity strategy and roadmap.
• Serves as acting CISO when required and ensures alignment of City cybersecurity policies, standards, and practices with compliance frameworks such as NIST CSF, HIPAA, and PCI-DSS.
• Leads the Cyber Defense Division, overseeing staff responsible for 24/7 cyber incident response, security data analytics, and detection and response solutions. This includes managing complex, multi-year deployments of cybersecurity monitoring technologies across more than 50 City departments, and creating Citywide cyber incident response procedures and standards.
• Guide the development and implementation of multi-year cybersecurity programs that strengthen operational resilience.
• Be responsible for office-wide coordination across cybersecurity functions—overseeing internal procedures, standards, budget development, vendor procurements, and strategic staffing activities including recruitment, hiring, performance evaluation, and staff development.
• Partner with executive leadership, department heads, and external agencies to advance cybersecurity objectives Citywide and coordinate communication across departments and with the public to raise cybersecurity awareness, including outreach related to cyber scams.
• Serves as a liaison with key federal and regional partners such as the FBI and the Northern California Regional Intelligence Center (NCRIC), and tracks and reports key cybersecurity performance and risk metrics to City leadership.

Benefits

• Competitive pay, benefits, and retirement options
• Career growth opportunities through training, internal mobility, and subsidized education
• Diverse work environment in a diverse city