San Francisco Department of Public Health
Chief Information Security Officer
San Francisco Department of Public Health, San Francisco, California, United States, 94199
The Chief Information Security Officer (0933 Manager V) is responsible for developing and delivering a comprehensive information security strategy and framework to optimize the security posture of the organization. The role leads the design and execution of a security program that promotes cross-functional collaboration, supports effective governance, advises senior leadership on security priorities and resource allocation, and establishes policies to manage information security risks. The Chief Information Security Officer reports directly to the Chief Information Officer (CIO) and oversees a team of twelve security professionals.
The Chief Information Security Officer (0933 Manager V) performs the following essential job functions:
Provides leadership, direction, and prioritization in assessing and evaluating information security risks across the organization, advising and consulting with executives on identified risks and ensuring the execution of mitigation and remediation steps.
Oversees strategic planning and execution across the information security portfolio, including incident response, policy frameworks, compliance, threat management, and targeted training, with specialized triaging for high‑risk areas.
Manages capital and operating budgets and provides Return on Investment (ROI) analyses and IT budget recommendations.
Collaborates with the Office of Compliance and Privacy Affairs to evaluate data security risks associated with departmental initiatives and design effective mitigation tools and strategies.
Analyzes security requirements and ensures enterprise and product compliance with industry standards, including HIPAA, HITRUST, ISO 27001, NIST, PCI‑DSS, and other security standards. Drives cross‑functional collaboration with internal teams and senior leaders to ensure timely execution of testing and auditing activities, securing certification and maintaining organizational compliance.
Ensures alignment of security strategies with organizational goals, addressing stakeholder priorities and advising leadership on developments influencing the success of information security initiatives.
Develops, implements, and maintains policies and procedures to ensure effective security program operations.
Represents DPH in security‑related matters with City partners, internal and external stakeholders, and industry groups.
Qualifications
1. Education: Bachelor’s degree from an accredited college or university; AND
2. Experience: Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals.
Education Substitution: Additional experience as described above may be substituted for the required degree on a year‑for‑year basis. One (1) year is equivalent to thirty (30) semester units / forty‑five (45) quarter units.
Applicants must meet the minimum qualification requirements by the final filing date unless otherwise noted.
One‑year full‑time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40‑hour work week).
Desirable Qualifications
The stated desirable qualifications may be considered at the end of the selection process when candidates are referred for hiring:
Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification
Verification of Education and Experience
Every application is reviewed to ensure that you meet the minimum qualifications as listed in the job ad. Review SF Careers Employment Applications for considerations taken when reviewing applications. Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at https://careers.sf.gov/knowledge/experience-education/.
Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.