Technology Risk and Resilience Specialist (1054) - Department of Technology

About The Position

Requirements

• Education: An associate degree in business administration, public administration, information systems, economics, finance, computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field].
• Experience: Five (5) years of experience in the information systems field, including system analysis, business process design, development and implementation of business application solutions or IT project management.
• Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Nice To Haves

• 2-3 years of experience in IT System Infrastructure, Disaster Recovery, Business Continuity, and Risk Management.
• In-depth knowledge of Disaster Recovery (DR) and Business Continuity (BC) planning techniques, technologies, and best practices.
• Proven experience in executing technology recovery testing for enterprise applications and systems across data centers and cloud platforms.
• Demonstrated proficiency in BC/DR program execution, managing process change projects, and overseeing the full DR program lifecycle.
• Strong understanding of quantitative risk management, including Factor Analysis of Information Risk (FAIR), and experience in applying these frameworks to resilience initiatives.
• Ability to effectively collaborate with technical, non-technical, and management stakeholders.
• Familiarity with Governance, Risk, and Compliance (GRC) platforms (e.g., ServiceNow [SNOW], LogicGate, OneTrust).
• Relevant security certifications (e.g., Security+, CISA, CISM, CRISC) preferred.
• Preferred skills in SharePoint and reporting services.
• Awareness of privacy concepts and regulations related to risk and resilience.

Responsibilities

• Partner with various City departments to architect, design, and rigorously test resilience solutions for all critical City systems, ensuring alignment with the citywide technology resilience program.
• Conduct in-depth Technology Risk Assessments and Business Impact Analyses (BIA) to pinpoint vulnerabilities in IT infrastructure, assessing their potential impact on City operations and critical services.
• Work closely with technical engineering teams to comprehend evolving system architectures, embedding resilience considerations into the design, development, and testing phases of IT projects.
• Design, plan, and lead comprehensive resilience testing and disaster recovery exercises, collaborating with recovery teams to validate the robustness of critical systems and applications.
• Execute thorough cybersecurity risk assessments to ensure compliance with City cybersecurity mandates, identifying and mitigating potential threats to the IT environment.
• Perform detailed Vendor Risk Assessments, analyzing the security posture of third-party vendors and implementing risk mitigation strategies where necessary.
• Develop, analyze, and disseminate routine reports aligned with Governance, Risk, and Compliance (GRC) metrics, providing actionable insights into the organization's risk management activities.
• Coordinate with technology and business units to assess, implement, and continuously monitor IT-related security risks, ensuring a proactive approach to threat mitigation.
• Conduct technical research to support threat assessments, staying ahead of emerging risks and adapting risk mitigation strategies accordingly.
• Regularly review and update IT policies, procedures, and processes to ensure alignment with industry standards, regulatory requirements, and best practices.
• Maintain an up-to-date understanding of industry changes related to security, integrating cutting-edge developments into the organization's risk and resilience strategies

Benefits

• Competitive pay, benefits, and retirement options
• Career growth opportunities through training, internal mobility, and subsidized education
• Diverse work environment in a diverse city
• The Department has a hybrid work schedule