IT Security Manager

City of Philadelphia
Philadelphia, PA
Onsite

About The Position

The City of Philadelphia is seeking an IT Security Manager to lead and build the Governance, Risk, and Compliance (GRC) function within Revenue IT. This role is responsible for establishing and operating a structured security program focused on risk management, policy development, and governance across systems, teams, and vendors. This is not a purely technical security role. The ideal candidate will have experience owning and operating GRC processes end-to-end, including risk register management, policy and standards development, and governance structures that drive accountability. The role requires the ability to work across business and technical teams, define clear ownership, and enforce security controls in a complex and evolving environment. This role is primarily managerial and program-focused, responsible for defining strategy, ensuring alignment across teams, and establishing clear governance structures that drive consistent execution. This critical role will be responsible for ensuring the confidentiality, integrity, and availability of our information systems, with a strong focus on compliance with IRS Publication 1075 Guidelines and the NIST 853 Cybersecurity Framework.

Requirements

  • Minimum of 2 years of experience in information security, with a focus on governance, risk, and compliance
  • Demonstrated experience owning or leading GRC processes, including risk management, policy development, and governance
  • Experience developing and implementing security policies, standards, and procedures
  • Experience conducting risk assessments and managing risk through formal tracking and escalation processes
  • Experience working with regulatory frameworks such as NIST, IRS Pub 1075, or similar (framework-agnostic experience acceptable)
  • Experience coordinating audits and managing remediation efforts
  • Experience working across business and technical teams to drive alignment and accountability

Nice To Haves

  • Prior management or team leadership experience preferred

Responsibilities

  • Own and operate the Revenue IT GRC program, including risk management processes, governance structures, and compliance tracking
  • Establish and maintain a centralized risk register, including identification, prioritization, and escalation of risks to leadership
  • Develop, implement, and maintain security policies, standards, and procedures aligned to organizational needs and regulatory requirements
  • Define and enforce governance processes, including clear ownership, accountability, and escalation paths across teams and vendors
  • Lead security-related risk assessments and partner with system owners to define and track mitigation strategies
  • Coordinate and manage internal and external audits, including documentation, response tracking, and remediation follow-up
  • Work with vendors and internal teams to ensure accountability for security controls, deliverables, and knowledge transfer
  • Communicate security risks, priorities, and program status to leadership in a clear and actionable manner
  • Build structure in areas with limited process, ensuring consistency and transparency across security-related activities
  • Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate risks
  • Develop and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).
  • Respond to security incidents and implement corrective actions.
  • Partner with the City’s Security Team to ensure City policies are applied throughout Revenue.
  • Participate in security audits and compliance reviews.
  • Communicate security-related information effectively to both technical and non-technical audiences; perform miscellaneous job-related duties as assigned
  • Coach teams on risk ownership and control implementation; develop a culture of accountability and transparency

Benefits

  • Comprehensive health coverage for employees and their eligible dependents
  • Wellness program offers eligibility into the discounted medical plan
  • Paid vacation, sick leave, and holidays
  • Generous retirement savings options are available
  • Public Service Loan Forgiveness program eligibility
  • Free Commute on SEPTA (SEPTA Key Advantage Program)
  • Tuition Discounts and Scholarships