1054 IS Business Analyst-Principal
Cybersecurity Analyst – Governance, Risk & Compliance
|Department||Airport - San Francisco International|
|Date Opened||5/24/2018 11:30:00 AM|
|Filing Deadline||1/14/2019 1:00:00 PM|
|Salary||$116,064.00 - $146,016.00/year|
|Job Type||Permanent PBT|
This is a Position Based Test administered in accordance with Civil Service Rule 111A.
Job announcement has been amended to reflect changes in the information regarding the eligible list.
SFO is a world-class, award-winning airport that served more than 55 million guests in 2017. SFO offers non-stop flights to 45 international cities on 45 international carriers. The Bay Area's largest airport also connects non-stop with 83 U.S. cities on 13 domestic airlines. In fiscal year 16/17, the Airport, an enterprise department of the City & County of San Francisco, accounted for $8.4 billion in business activity and supported over 42,800 direct jobs.
SFO’s mission is to provide an exceptional airport in service to our communities and is committed to redefining air travel. SFO has embarked on the renovation of Terminal 1, the largest capital project in the Airport’s $7.3 billion Ascent Program. For more information, visit www.flysfo.com. View a video about careers at SFO.
Under the direction of 0941 Manager VI, Chief Information Security Officer (CISO), the 1054 IS Business Analyst Principal - Cybersecurity Analyst – Governance, Risk and Compliance, position will be responsible for providing ongoing supervision of Payment Card Industry (PCI) compliance for Airport credit card processing systems. Responsibilities include completing Self-Assessment Questionnaires, ensuring that all IT PCI policies and procedures are being followed, managing that the annual Report on Compliance (RoC) is completed in a timely manner, ensuring that the yearly PCI-Qualified Security Assessor (QSA) gap assessment, audit and ensuring remediation items are completed and ensuring that all other technical IT aspects of compliance are being completed as required. In addition, this position will assist the ITT Compliance Officer in the implementation and improvement of ITT services and processes related to ITT operational policies, standards and compliance to include PCI, Information Technology Infrastructure Library (ITIL) best practices and International Standards Organization (ISO) compliance and certification.
Duties will include needs analysis, project planning and management, process development, data analysis, process implementation and testing, technical and procedural documentation, user training, and post-implementation assessment and administration; and direct and participates in complex studies.
The essential functions of this position include:
Successfully manages PCI compliance, which should include but not limited to, knowledge in complying with PCI standards, ITIL best practices and ISO standards.
Understands the processes of Change Management, Incident Management, Configuration Management, Release and Deployment Management, Business Continuity Management, Information Security Management System (ISMS) and the PCI standard
Participates in internal Audits of company against the ISO and PCI standards to earning certifications and maintaining compliance
Manages and implements PCI standards and policy improvement projects
Gathers PCI and ISO related requirements and information regarding continuous compliance assurance; analyzes and evaluates needs and provides recommendations; conducts feasibility studies; provides documentation of requirements
Establishes PCI metrics and reporting for measuring the successful delivery of PCI standards, processes and policies
Works with the ITT Compliance Officer, to manages PCI and ISO Standards, Service Management processes and services and ongoing operational improvements through the ITT Continuous Improvement process
Manages to and assists in, the development of detailed project charter and plans, based on four standard phases Initiation, Planning, Execution & Project Closeout and continuously monitor, maintain for progress reports, as required
Sets expectations with customers/users and project team members; identifies opportunities for improving PCI and ISO standard processes
Assists in the management of the project schedule, resources and communications, integration, procurement and quality of outcome
Assists in monitoring progress to ensure timely completion per project plan and schedule. Communicates status to all key stakeholders on a regular basis
Understands and responds to the service needs of the customer/user at all levels, assures proper planning and documentation of processes and services to meet user requirements
Responds quickly and proactively to resolve problem situations; effectively escalates issues as required
Ensures effective communication between management, customer/users, and, if applicable, external consultants
Performs related duties and responsibilities, as assigned
Nature of Work
Essential duties require the following physical skills and work environment: Ability to work in a standard office environment which may involve prolonged sitting, bending and operation of typing, word processing and other office equipment; and ability to work evening meetings.
An associate degree in computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in computer science or a closely-related field]; AND
Five (5) years of recent and verifiable experience in IT project development, management and maintaining International Standards Organization and/or Payment Card Industry compliance.
Note: The five (5) years of experience requirement must have been obtained within the last seven (7) years.
Education Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units or forty-five (45) quarter units with a minimum of 10 semester or 15 quarter units in computer science or a closely related field.
In addition to meeting the minimum qualifications, this position requires sufficient strength and coordination of lifting, pushing, pulling and/or carrying the 35 Lbs. weight of computer systems equipment. It also requires bending, stooping and/or crawling in order to install or repair computer systems hardware (TST029).
The above minimum qualifications reflect special conditions associated with the position(s) to be filled. They may differ from the standard minimum qualifications associated with this classification.
The stated desirable qualifications may be used to identify job finalists at the end of the selection process when candidates are referred to hiring.
- ITIL Foundation training
- International Standards Organization (ISO) 20000, 27001 Foundation training
- ISO Lead Implementer certification
- Familiar with quality assurance methodologies (i.e., Total Quality Management (TQM), Six Sigma)
- Knowledge of Service Management processes should include: Change Management, Configuration Management, Release and Deployment Management, Business Continuity Management, Service Continuity Management, Information Security Management, Knowledge Management, Continual Service Improvement, Service Reporting and the PCI (Payment Card Industry) standard, process reporting and IT services reporting
- Knowledge of process design lifecycle
- Knowledge of documentation management lifecycle
- PCI-ISA (Internal Security Assessor) or PCI-QSA (Qualified Security Assessor) certified
- Certified Information Systems Auditor (CISA) certified
Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.
One year full-time employment is equivalent to 2000 hours (2000 hours of qualifying work experience is based on a 40 hours work week.) Any overtime hours that you work above forty (40) hours per week are not included in the calculation to determine full-time employment.
How To Apply
Applications for City and County of San Francisco jobs are only accepted through an online process. Visit www.jobaps.com/sf to register an account (if you have not already done so) and begin the application process.
- Select the desired job announcement
- Select “Apply” and read and acknowledge the information
- Select either “I am a New User” if you have not previously registered, or “I have Registered Previously”
- Follow instructions on the screen
Computers are available for the public (from 8:00 a.m. to 5:00 p.m. Monday through Friday) to file online applications in the lobby of the Dept. of Human Resources at 1 South Van Ness Avenue, 4th Floor, San Francisco.
Applicants may be contacted by email about this announcement and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com).
Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.
All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.
Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores. If you have any questions regarding this recruitment or application process, please contact the exam analyst, Charlene Cun, by telephone at 650-821-2018, or by email at Charlene.firstname.lastname@example.org.
Resumes may be attached to the application; however, resumes will not be accepted in lieu of a completed City and County of San Francisco application.
Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found here.
Verification of qualifying experience, when requested, must be documented on the employer's business letterhead and must include the name of the applicant, job title(s), dates of employment, description of job duties performed, and signature of the employer or the employer’s authorized representative. Experience claimed in self-employment will only be accepted if supported by documents verifying income, earnings, business license and experience comparable to minimum qualifications above. Copies of income tax papers or other documents listing occupation and total earnings must be submitted. Employees of the City and County of San Francisco may submit performance evaluations showing duties performed to verify qualifying City experience. City employees will receive credit for the duties of the class to which appointed. Credit for experience obtained outside of the employee's class will be allowed only if recorded in accordance with the provisions of Civil Service Commission Rules. Verification may be waived if impossible to obtain. The applicant must submit a signed statement explaining why verification cannot be obtained. Waiver requests will be considered on a case-by-case basis. Failure to provide the required verification, or request for waiver when requested may result in rejection of application.
Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco. Make sure your application and any attachments to the application submitted at the time of filing are complete and accurate and include details on all experience, education, training and other information that qualifies you for this recruitment. Failure to submit a complete and accurate application at the time of filing may result in your ineligibility for this recruitment or inability to receive full credit for scoring purposes. Any new information concerning work experience, education, training and other information that is submitted after the filing deadline may not be used for scoring or considered to determine whether you meet the minimum qualifications.
Oral Examination (Weight 100%)
Candidates who meet the minimum qualifications will be invited to participate in an oral examination designed to measure their relative knowledge, ability and skill levels in job related areas. Written, assessment type, or other performance-based exercises may be utilized. Candidates will be placed on the eligible list in rank order according to their final passing score.
Note: Applicants who meet the minimum qualifications are not guaranteed to advance through all of the steps in the selection process.
Transportation Security Administration (TSA) Security Clearance
Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment in order to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be basis for termination from employment with the Airport Commission.
The certification rule for the eligible list resulting from this examination will be Rule of Three Scores. Additional selection processes may be conducted by the hiring department prior to making final hiring decisions.
A confidential eligible list with names of candidates who have passed the civil service examination process will be created and used for certification purposes only. An examination score report will be established so interested parties can view the ranks, final scores, and number of eligible candidates. Applicant information, including names of candidates on the eligible list, shall not be made public unless required by law. However, an eligible list shall be made available for public inspection, upon request, once that eligible list is exhausted or expired and referrals resolved. The eligible list/score report resulting from this civil service examination process is subject to change after adoption (e.g., as a result of appeals), as directed by the Human Resources Director or the Civil Service Commission.
The duration of the eligible list resulting from this examination process will be three months, and may be extended with the approval of the Human Resources Director.
Upon approval of the Human Resource Director (see Civil Service Rule 111A.26.5), the eligible list/score report resulting from this announcement may be used by other departments that also use this classification or a similar classification. To find other Departments that use this classification, please click here. Search that document by title or job code to see which departments use the classification.
As a finalist for a job, you will be fingerprinted, and your fingerprints will be sent to the California Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI). The resulting report of your conviction history (if any) will be used to determine whether the nature of your conviction (or arrest, in limited circumstances) conflicts with the specific duties and responsibilities of the job for which you are a finalist. If a conflict exists, you will be asked to present any evidence of rehabilitation that may mitigate the conflict, except when federal or state regulations bar employment in specific circumstances, such as:
- Candidates for positions with the Unified School District and the Community College District may be disqualified from consideration should their conviction history not meet the standards established under the California Education Code.
- Candidates for positions with the Recreation and Park Department may be disqualified from consideration should their conviction history not meet the standards established under California Public Resources Code 5164.
Having a conviction history does not automatically preclude you from a job with the City.
If you are selected as a finalist, the hiring department will contact you to schedule a fingerprinting appointment.
Disaster Service Workers
All City and County of San Francisco employees are designated Disaster Service Workers through state and local law (California Government Code Section 3100-3109). Employment with the City requires the affirmation of a loyalty oath to this effect. Employees are required to complete all Disaster Service Worker-related training as assigned, and to return to work as ordered in the event of an emergency.
Reasonable Accommodation Request
Applicants with disabilities requiring reasonable accommodation for this examination can find information on requesting a reasonable accommodation here.
Seniority Credit in Promotional Exams
Information regarding seniority credit can be found here.
Information regarding requests for veteran’s preference can be found here.
Terms of the Announcement
Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at www.jobaps.com/sf. The terms of this announcement may be appealed under Civil Service Rule 111A.35.1. The standard for the review of such appeals is ‘abuse of discretion’ or ‘no rational basis’ for establishing the position description, the minimum qualifications and/or the certification rule. Appeals must include a written statement of the item(s) being contested and the specific reason(s) why the cited item(s) constitute(s) abuse of discretion by the Human Resources Director. Appeals must be submitted directly to the Executive Officer of the Civil Service Commission within five business days of the announcement issuance date.
Copies of Application Documents
Applicants are advised to keep copies of all documents submitted. Submitted documents become a permanent part of the exam record and will not be returned. The hiring department may require applicants to submit the same documents and/or additional documents at a later date.
Right to Work
All persons entering the City and County of San Francisco workforce are required to provide verification of authorization to work in the United States.
General Information Concerning City and County of San Francisco Employment Policies and Procedures
Important employment information for the City and County of San Francisco can be obtained online here or hard copy at 1 South Van Ness Avenue, 4th Floor.
Exam Type: Combined Promotive & Entrance
Issued: 5/24/18; Amended: 10/24/18
Human Resources Director
Department of Human Resources
Recruitment ID #: 086967
All employees hired on or after January 10, 2009 will be required (pursuant to San Francisco Charter Section A8.432) to contribute 2% of pre-tax compensation to fund retiree healthcare. In addition, most employees are required to make a member contribution towards retirement, ranging from 7.5%-13.25% of compensation. For more information on these provisions, please contact the personnel office of the hiring agency.