0931 Manager III, Chief Information Security Officer

Recruitment #PEX-0931-112038



CONDITION OF EMPLOYMENT:  All City and County of San Francisco employees are required to be vaccinated against COVID-19 as a condition of employment.  For details on how it is applicable to your employment, please click here.

Applicants are encouraged to file immediately as this recruitment may close at any time, but no earlier than Friday, June 4, 2021.

Appointment Type

This is for a Permanent Exempt (PEX), Full-Time position not to exceed three (3) years.  This position is excluded by the Charter from the competitive civil service examination process, is considered "at will", and shall serve at the discretion of the appointing officer, the Clerk of the Board of Supervisors.

About the Board of Supervisors

The Board of Supervisors is the legislative branch of the City and County of San Francisco that responds to the needs of the people, establishes city policies, and adopts ordinances and resolutions.

Position Description

The 0931 Chief Information Security Officer (CISO) is dedicated to managing information security, data, technology disaster recovery, risk and technology compliance for the Legislative Branch of Government. The CISO will report directly to the Clerk of the Board and will be a member of the Clerk of the Board’s leadership team and held accountable as the expert in cybersecurity. The CISO will establish and execute an information security strategy, policy, standards, architecture, processes and assessments to ensure that information assets and critical processes are adequately protected with acceptable levels of controls for the Legislative branch. The CISO will be tasked with scaling the security organization and driving the cybersecurity program to its next level of maturity for the Board of Supervisors. The CISO will partner with leaders in the Clerk’s Office, and provide day to day leadership and management to IT and Cybersecurity staff, technology infrastructure and IT operations – including cloud services, communications infrastructure, service desk, data warehouse, business intelligence systems, and Digital services oversight and administration.

We are seeking a knowledgeable leader to provide vision, strategy, and broad-based planning, while applying hands-on responsibility. We are looking for an adaptive communicator with strong interpersonal skills who can both listen and speak at an executive level, and is comfortable making public presentations to elected officials, members of the public, community groups, the media, and other City departments, agencies, and organizations.

The BOS CISO also supports and consults the City CISO in City-wide cybersecurity efforts, participates in the Citywide Cybersecurity Forums, initiates, implements, and executes departmental cybersecurity measures. They will be an advocate for BOS’ information security needs and be responsible for the development and execution of a comprehensive information security strategy to optimize the security posture of BOS within the cybersecurity framework established by the City Cybersecurity Policy.

Essential duties of this position include:

  • Use a risk-based approach to provide leadership, direction and prioritization in assessing and evaluating information security risks across the organization with a high level of integrity and discretion, advising and consulting with executives on identified risks and ensuring the execution of agreed upon mitigation/remediation steps.
  • Create alignment and support for the BOS security program goals, initiatives, and strategies, effectively balancing the needs of internal and external stakeholders and informing leadership at all levels on efforts and trends impacting the overall effectiveness of the information security programs.
  • Provide leadership and direction for all information technology projects and initiatives and development of a new Five-Year IT Plan.
  • Act as an executive Cybersecurity Advisor to the Clerk of the Board and the Board of Supervisors.
  • Introduce and present project initiatives, and secure resources and funding through the Committee on Information Technology (COIT). Follow up with providing quarterly reports to COIT.
  • Promote understanding of regulatory requirements across the organization, leading and/or collaborating with cross functional teams and senior business leaders to ensure execution of required testing and auditing activities by internal and external parties leading to the successful certification and/or compliance of the organization on an on-going basis.
  • Partner with the Citywide Cybersecurity team to monitor external and emerging threats and take all appropriate courses of preventative action and communication.
  • Oversee business continuity and disaster recovery policy management to support departmental compliance with Citywide Disaster Recovery policy, training, testing, and coordination with agencies and staff for disaster planning and preparation.
  • Develop and coordinate plans for BOS incident response within the City cybersecurity incident response framework to ensure that business critical services can be maintained.
  • Participate and support data assets on premises, in coordination with third parties and in the cloud.
  • Ensure project management including processes to manage security risks.
  • Manage procurements, contracts, and vendor negotiations, ensuring ongoing contract security standards and close coordination with legal and risk management.
  • Manage the performance of project staff, including contractors and City and County employees; assigning duties and responsibilities to project personnel, including contract consultants; directing and coordinating activities of project personnel to ensure project progresses on schedule and within budget; conferring with project personnel to provide technical advice and resolve problems.
  • Develop, implement and maintain departmental policies (on a routine cadence) to support Citywide Cybersecurity policies and departmental procedures in order to ensure effective security program operations.
  • Actively represent BOS in security-related matters with the Citywide CISO and in the Citywide Cybersecurity Forum City partners, internal and external customers, and industry groups.
  • Provide regular reporting on the current status of the information security program to risk teams and senior BOS leaders as part to support ongoing security strategy and management.
  • Stay current with industry trends and the latest information security practices and standards to ensure solutions incorporate effective use of technology.
  • Perform other duties, as assigned.

Equal Employment Opportunity

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.

Minimum Qualifications

Possession of a baccalaureate degree from an accredited college or university, with major college coursework in management information systems, computer science, information technology, business administration or closely related field.

Six (6) years of experience in IT systems or projects that provide mission critical IT functions, the failure of which would have a major impact on the organization such as: payroll, cybersecurity, or enterprise management system. Three (3) years of this experience must include supervising staff in a technology unit.


Education Substitution:
Applicants may substitute up to two (2) years of the required education with additional qualifying experience on a year-for-year basis. One year (2,000 hours) of additional qualifying experience will be considered equivalent to 30 semester units/45 quarter units.

Experience Substitution:
Possession of a graduate degree from an accredited college or university in business, engineering, or a closely related field may substitute for one (1) year of the required non-supervisory experience.

Desirable Qualifications

The following desirable qualifications may be used to identify job finalists at the end of the selection process when candidates are referred for hiring. 

  • Graduate degree in business, computer science, engineering, or closely related field.
  • Managerial experience over IT systems.
  • Demonstrated Project Management experience successfully transitioning an organization or functional group from an outdated legacy system to a new application or system.
  • Professional security management certification is desirable (CISSP, CISM, CISA).
  • National Incident Management Training.
  • Experience with vendor management.
  • AXELOS ITIL (information Technology Infrastructure Library) Certification.
  • Knowledge of cybersecurity systems and best practices.
  • Excellent verbal, written, organizational, presentation, and interpersonal communications skills.

Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.

One year of full-time employment is equivalent to 2,000 hours (2,000 hours of qualifying work experience is based on a 40-hour work week). Any overtime hours that you work above 40 hours per week are not included in the calculation to determine full-time employment.

How To Apply

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit www.jobaps.com/sf to register an account (if you have not already done so) and begin the application process.

  • Select the desired job announcement
  • Select “Apply” and read and acknowledge the information
  • Select either “I am a New User” if you have not previously registered, or “I have Registered Previously”
  • Follow instructions on the screen

In line with the Official Public Health Order to slow the spread of COVID-19, “shelter-in-place” has been issued for all San Francisco residents that is expected to be in effect until further notice. As a result, Department of Human Resources (DHR)’s office (located at 1 South Van Ness Avenue, 4th Floor, San Francisco, CA 94103) is currently closed to the general public. If you have any questions, please feel free to email the Human Resources Analyst listed on this announcement.

Applicants may be contacted by email about this announcement and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org).

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

If you have any questions regarding this recruitment or application process, please contact the recruitment analyst, Jessica Wong, by telephone at (415) 554-7707, or by email at jessica.j.wong@sfgov.org.

Resumes may be attached to the application; however, resumes will not be accepted in lieu of a completed City and County of San Francisco application.

Verification of Experience/Education
Applicants may be required to submit verification of qualifying education and experience, at any point in the application, examination or departmental selection processes. Verification of work experience typically must be on the employer’s letterhead, and must include the applicant’s name, job title, description of job duties, dates of service, and signature of the employer. San Francisco City and County employees do not need to submit verification of their City employment, but must submit verification of outside experience. San Francisco City and County employees will not receive credit for experience obtained outside of their classification unless recorded in accordance with the provisions of the Civil Service Rule 110.9.1.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco. Make sure your application and any attachments to the application submitted at the time of filing are complete and accurate and include details on all experience, education, training and other information that qualifies you for this recruitment. Failure to submit a complete and accurate application at the time of filing may result in your ineligibility for this recruitment or inability to receive full credit for scoring purposes. Any new information concerning work experience, education, training and other information that is submitted after the filing deadline may not be used for scoring or considered to determine whether you meet the minimum qualifications.

Selection Procedures

Applications will be screened for relevant qualifying experience. Additional screening mechanisms may be implemented in order to determine candidates’ qualifications. Only those applicants who most closely meet the needs of the hiring department will be invited to participate in the selection process. Applicants meeting the minimum qualifications are not guaranteed advancement to the interview.

Final candidate(s) will be invited to take the Management Test Battery (MTB). The exam results will be for departmental informational purposes only.

Conviction History

As a selected candidate for a job, you will be fingerprinted, and your fingerprints will be sent to the California Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI). The resulting report of your conviction history (if any) will be used to determine whether the nature of your conviction (or arrest, in limited circumstances) conflicts with the specific duties and responsibilities of the job for which you are a selected candidate. If a conflict exists, you will be asked to present any evidence of rehabilitation that may mitigate the conflict, except when federal or state regulations bar employment in specific circumstances, such as:

  • Candidates for positions with the Unified School District and the Community College District may be disqualified from consideration should their conviction history not meet the standards established under the California Education Code.
  • Candidates for positions with the Recreation and Park Department may be disqualified from consideration should their conviction history not meet the standards established under California Public Resources Code 5164.

Having a conviction history does not automatically preclude you from a job with the City.

If you are a selected candidate, the hiring department will contact you to schedule a fingerprinting appointment.

Disaster Service Workers

All City and County of San Francisco employees are designated Disaster Service Workers through state and local law (California Government Code Section 3100-3109). Employment with the City requires the affirmation of a loyalty oath to this effect. Employees are required to complete all Disaster Service Worker-related training as assigned, and to return to work as ordered in the event of an emergency.


Reasonable Accommodation Request
Applicants with disabilities who meet the minimum eligibility requirements for this job announcement can find information on requesting a reasonable accommodation here.

Terms of Announcement
Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at www.jobaps.com/sf.

Copies of Application Documents
Applicants are advised to keep copies of all documents submitted. Submitted documents become a permanent part of the exam record and will not be returned. The hiring department may require applicants to submit the same documents and/or additional documents at a later date.

Right to Work
All persons entering the City and County of San Francisco workforce are required to provide verification of authorization to work in the United States.

General Information Concerning City and County of San Francisco Employment Policies and Procedures
Important employment information for the City and County of San Francisco can be obtained online here.

Issued: 5/21/21
Carol Isen
Human Resources Director
Department of Human Resources
Recruitment ID #: 112038


All employees hired on or after January 10, 2009 will be required (pursuant to San Francisco Charter Section A8.432) to contribute 2% of pre-tax compensation to fund retiree healthcare. In addition, most employees are required to make a member contribution towards retirement, ranging from 7.5%-13.25% of compensation. For more information on these provisions, please contact the personnel office of the hiring agency.

For more information about benefits, please click here.


Click on a link below to apply for this position:

Fill out the Application NOW using the Internet.

Powered by JobAps