City and County of San Francisco

Technology Risk and Resilience Specialist (1054) - Department of Technology

City and County of San Francisco, Myrtle Point, Oregon, United States, 97458


Job Description

The Technology Risk and Resilience Specialist is responsible for developing, implementing, and maintaining risk management and resilience strategies to safeguard the organization's technology infrastructure. The specialist will work closely with various stakeholders to identify potential risks, develop contingency plans, and ensure that the organization is prepared to respond to and recover from disruptive events.

Responsibilities

Partner with various City departments to architect, design, and rigorously test resilience solutions for all critical City systems, ensuring alignment with the citywide technology resilience program.

Conduct in‑depth Technology Risk Assessments and Business Impact Analyses (BIA) to pinpoint vulnerabilities in IT infrastructure, assessing their potential impact on City operations and critical services.

Work closely with technical engineering teams to comprehend evolving system architectures, embedding resilience considerations into the design, development, and testing phases of IT projects.

Design, plan, and lead comprehensive resilience testing and disaster recovery exercises, collaborating with recovery teams to validate the robustness of critical systems and applications.

Execute thorough cybersecurity risk assessments to ensure compliance with City cybersecurity mandates, identifying and mitigating potential threats to the IT environment.

Perform detailed Vendor Risk Assessments, analyzing the security posture of third‑party vendors and implementing risk mitigation strategies where necessary.

Develop, analyze, and disseminate routine reports aligned with Governance, Risk, and Compliance (GRC) metrics, providing actionable insights into the organization's risk management activities.

Coordinate with technology and business units to assess, implement, and continuously monitor IT‑related security risks, ensuring a proactive approach to threat mitigation.

Conduct technical research to support threat assessments, staying ahead of emerging risks and adapting risk mitigation strategies accordingly.

Regularly review and update IT policies, procedures, and processes to ensure alignment with industry standards, regulatory requirements, and best practices.

Maintain an up‑to‑date understanding of industry changes related to security, integrating cutting‑edge developments into the organization's risk and resilience strategies.

Qualifications

Minimum Qualifications

Associate degree in business administration, public administration, information systems, economics, finance, computer science or a closely related field, or equivalent in terms of total course credits/units (at least 60 semester or 90 quarter credits with a minimum of 20 semester or 30 quarter credits in one of the above fields).

Five (5) years of experience in the information systems field, including system analysis, business process design, development and implementation of business application solutions or IT project management.

Substitution: Additional experience may be substituted for the required degree up to a maximum of two (2) years on a year‑for‑year basis.

Desirable Qualifications

2‑3 years of experience in IT System Infrastructure, Disaster Recovery, Business Continuity, and Risk Management.

In‑depth knowledge of Disaster Recovery (DR) and Business Continuity (BC) planning techniques, technologies, and best practices.

Proven experience executing technology recovery testing for enterprise applications and systems across data centers and cloud platforms.

Demonstrated proficiency in BC/DR program execution, managing process change projects, and overseeing the full DR program lifecycle.

Strong understanding of quantitative risk management, including Factor Analysis of Information Risk (FAIR), and experience applying these frameworks to resilience initiatives.

Ability to effectively collaborate with technical, non‑technical, and management stakeholders.

Familiarity with Governance, Risk, and Compliance (GRC) platforms (e.g., ServiceNow, LogicGate, OneTrust).

Relevant security certifications (e.g., Security+, CISA, CISM, CRISC) preferred.

Preferred skills in SharePoint and reporting services.

Awareness of privacy concepts and regulations related to risk and resilience.

Appointment Type

- This Permanent Exempt (PEX), Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration is thirty‑six (36) months.

Work Location

- The incumbent will conduct the majority of work at the Department of Technology, 1 S Van Ness Ave, San Francisco, CA 94103; other City sites may be required.

Benefits

The City and County of San Francisco offers competitive pay, benefits, retirement options, career growth opportunities, and a diverse work environment.

Equal Employment Opportunity

The City and County of San Francisco encourages women, minorities, and people with disabilities to apply. All applicants will be considered regardless of sex, race, age, religion, color, national origin, ancestry, physical or mental disability, marital status, sexual orientation, gender identity, or veteran status.
