DEPUTY CHIEF INFORMATION SECURITY OFFICER (0933) - Department of Technology jobs in United States
cer-icon
Apply on Employer Site
company-logo

San Francisco Department of Technology (DT) · 4 hours ago

DEPUTY CHIEF INFORMATION SECURITY OFFICER (0933) - Department of Technology

positionSan Francisco, CA
timeFull-time
remoteOnsite
seniorityDirector/Executive
date7+ years exp

San Francisco Department of Technology is seeking a Deputy Chief Information Security Officer to support the Chief Information Security Officer in leading the Citywide Cybersecurity Program. This executive-level position will oversee cybersecurity operations, guide risk management, and ensure alignment with compliance frameworks while advancing the city's cybersecurity posture.

Information Technology & Services

Responsibilities

Oversee the day-to-day operations of the Cyber Defense division, including cyber detection, monitoring, incident response, and investigation
Support monitoring and optimizing DT's organizational structure, staffing, and service levels, ensuring effective cybersecurity practices across the City and County
Take strategic leadership role requiring deep cybersecurity expertise, experience managing complex organizational dynamics, and a demonstrated ability to lead large-scale technical initiatives in the public sector
Assist the City CISO with financial and strategic planning for the Office of Cybersecurity, and help coordinate communications with City staff, Departmental Information Security Officers, and external partners at the state and federal levels
Play a critical leadership role in advancing the City and County of San Francisco's cybersecurity posture, supporting the Chief Information Security Officer (CISO) in defining and executing the City's cybersecurity strategy and roadmap
Serves as acting CISO when required and ensures alignment of City cybersecurity policies, standards, and practices with compliance frameworks such as NIST CSF, HIPAA, and PCI-DSS
Leads the Cyber Defense Division, overseeing staff responsible for 24/7 cyber incident response, security data analytics, and detection and response solutions. This includes managing complex, multi-year deployments of cybersecurity monitoring technologies across more than 50 City departments, and creating Citywide cyber incident response procedures and standards
Guide the development and implementation of multi-year cybersecurity programs that strengthen operational resilience
Be responsible for office-wide coordination across cybersecurity functions—overseeing internal procedures, standards, budget development, vendor procurements, and strategic staffing activities including recruitment, hiring, performance evaluation, and staff development
Partner with executive leadership, department heads, and external agencies to advance cybersecurity objectives Citywide and coordinate communication across departments and with the public to raise cybersecurity awareness, including outreach related to cyber scams
Serves as a liaison with key federal and regional partners such as the FBI and the Northern California Regional Intelligence Center (NCRIC), and tracks and reports key cybersecurity performance and risk metrics to City leadership

Qualification

Cybersecurity expertiseRisk managementIncident responseLeadership abilitiesCybersecurity frameworksStrategic planningCompliance knowledgeContinuous improvementTechnology alignmentPublic sector experienceVendor managementBudget developmentPerformance evaluationStaff developmentOperational resilienceCybersecurity awarenessStakeholder engagementRisk metrics trackingDiverse teams managementHigh-pressure coordinationAudit understandingCommunication skillsTeam collaborationMentorship

Required

Baccalaureate degree in computer science, cybersecurity, risk management or a closely related field from an accredited college or university
At least seven (7) years of experience working in risk management and information security in a multi-department organization of which 3 years must include experience supervising professionals
Additional experience in information technology may substitute for the Bachelor's degree on a year-for-year basis (e.g., four (4) additional years of experience can substitute for a bachelor's degree, two (2) to three (3) years of additional experience along with an Associate's degree (AA) or equivalent may substitute for the bachelor's degree)

Preferred

Strong leadership abilities managing and guiding diverse, multidisciplinary teams; fostering collaboration, accountability, and high performance while driving measurable results
Strategic thinker with proven ability to develop and execute long-term cybersecurity and technology plans aligned with organizational mission, risk tolerance, and operational priorities
Track record of optimizing operational processes, improving efficiency, and managing complex, cross-functional initiatives with a focus on continuous improvement and risk reduction
Deep experience in enterprise cybersecurity programs, including governance, risk management, policy development, and security operations in highly regulated, complex environments
Proficient in cybersecurity frameworks and standards (e.g., NIST CSF 2.0, NIST 800-53, ISO 27001) with the ability to apply them pragmatically across diverse departments
Skilled at translating cybersecurity and technology risk into clear business and operational impacts for executive leadership, enabling informed decision-making
Demonstrated ability to lead incident response and resilience efforts, coordinating across technical teams, executives, legal, privacy, and communications during high-pressure situations
Excellent communication skills, both verbal and written, to effectively convey complex technical concepts to non-technical stakeholders, brief senior leadership, and build trusted relationships with internal and external partners
Experience working in highly governed or regulated environments, with strong understanding of audit, compliance, privacy, and public-sector accountability requirements
Commitment to talent development through mentorship, coaching, and workforce planning, fostering inclusive, high-performing teams and long-term organizational capability
Ability to leverage technology for competitive advantage and growth, aligning innovation with departmental and organizational objectives
Highly desirable certifications may include the following (or a recognized professionally accepted equivalent): International System Security Certification Consortium (ISC2) Certification, Certified Information Systems Security Professional (CISSP), Information Systems Audit and Control Association (ISACA) Certification, Certified in Risk and Information Systems Control (CRISC)

Benefits

Competitive pay, benefits, and retirement options
Career growth opportunities through training, internal mobility, and subsidized education
Diverse work environment in a diverse city

Company

San Francisco Department of Technology (DT)

twitter
company-logo
The City and County of San Francisco Department of Technology (DT) is an enterprise information and technology services organization that delivers mission critical technology infrastructure and services to approximately 28,000 employees and 805,235 citizens.
location
San Francisco, CA, US
people-size201-500 employees
web-link
http://tech.sfgov.org

Funding

Current Stage
Growth Stage
Company data provided by crunchbase