Technology Risk and Resilience Specialist (1054) - Department of Technology

Why Work for the Department of Technology (DT)? DT is the centralized technology services provider in the City and County of San Francisco (CCSF). We deliver technology infrastructure and services to approximately 33,000 employees! With an annual operating budget of over $140M and approximately 300 employees, DT provides a host of services that range from Public Safety radio and wiring and Network services to Enterprise Support and the Cloud.

Benefits of Working for CCSF:  In addition to challenging and rewarding work, the City provides a generous suite of benefits to its employees.

• Competitive pay, as well as pension and robust retirement options. 
• Generous paid time off, family leave, and more!
• Hybrid Work with a minimum of 20% of time spent in our office in San Francisco, California for all IT related roles
• Diverse work environment in a diverse city
• Career development and growth — move between departments, learn on the job, or take subsidized/reimbursed classes!

PEOPLE-CENTERED SOLUTIONS — have a powerful, meaningful effect on the community each day with people at the heart of every solution!

CLOSING THE DIGITAL DIVIDE — bring the benefits of the internet to low-income and marginalized residents!

SHINE A LIGHT ON WHAT MATTERS — join an award-winning production team at SFGovTV to help residents watch legislators or learn more about what makes this City great!

DRIVE INNOVATION — deliver new, cutting-edge technology to residents and city partners to help San Francisco serve its residents!

The Technology Risk and Resilience Specialist is responsible for developing, implementing, and maintaining risk management and resilience strategies to safeguard the organization's technology infrastructure. The specialist will work closely with various stakeholders to identify potential risks, develop contingency plans, and ensure that the organization is prepared to respond to and recover from disruptive events.

Major functions in this role include (and are not limited to):

 1.    Partner with various City departments to architect, design, and rigorously test resilience solutions for all critical City systems, ensuring alignment with the citywide technology resilience program.
2.    Conduct in-depth Technology Risk Assessments and Business Impact Analyses (BIA) to pinpoint vulnerabilities in IT infrastructure, assessing their potential impact on City operations and critical services.
3.    Work closely with technical engineering teams to comprehend evolving system architectures, embedding resilience considerations into the design, development, and testing phases of IT projects.
4.     Design, plan, and lead comprehensive resilience testing and disaster recovery exercises, collaborating with recovery teams to validate the robustness of critical systems and applications.
5.    Execute thorough cybersecurity risk assessments to ensure compliance with City cybersecurity mandates, identifying and mitigating potential threats to the IT environment.
6.    Perform detailed Vendor Risk Assessments, analyzing the security posture of third-party vendors and implementing risk mitigation strategies where necessary.
7.     Develop, analyze, and disseminate routine reports aligned with Governance, Risk, and Compliance (GRC) metrics, providing actionable insights into the organization's risk management activities.
8.    Coordinate with technology and business units to assess, implement, and continuously monitor IT-related security risks, ensuring a proactive approach to threat mitigation.
9.    Conduct technical research to support threat assessments, staying ahead of emerging risks and adapting risk mitigation strategies accordingly.
10.    Regularly review and update IT policies, procedures, and processes to ensure alignment with industry standards, regulatory requirements, and best practices.
11.    Maintain an up-to-date understanding of industry changes related to security, integrating cutting-edge developments into the organization's risk and resilience strategies

Appointment Type:

This Permanent Exempt (PEX), Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring.

Work Location

If hired, incumbent must be a resident of or relocate to the State of California within 4 weeks as a condition of employment.

This position supports remote work. The incumbent may be permitted to work a hybrid schedule with their supervisor’s approval, after which they must work at least two days in the office every two weeks.

Minimum Qualifications

Education:

An associate degree in business administration, public administration, information systems, economics, finance, computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field].

Experience:

Five (5) years of experience in the information systems field, including system analysis, business process design, development and implementation of business application solutions or IT project management.

Substitution:

Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Desirable Qualifications 

• 2-3 years of experience in IT System Infrastructure, Disaster Recovery, Business Continuity, and Risk Management.
• In-depth knowledge of Disaster Recovery (DR) and Business Continuity (BC) planning techniques, technologies, and best practices.
• Proven experience in executing technology recovery testing for enterprise applications and systems across data centers and cloud platforms.
• Demonstrated proficiency in BC/DR program execution, managing process change projects, and overseeing the full DR program lifecycle.
• Strong understanding of quantitative risk management, including Factor Analysis of Information Risk (FAIR), and experience in applying these frameworks to resilience initiatives.
• Ability to effectively collaborate with technical, non-technical, and management stakeholders.
• Familiarity with Governance, Risk, and Compliance (GRC) platforms (e.g., ServiceNow [SNOW], LogicGate, OneTrust).
• Relevant security certifications (e.g., Security+, CISA, CISM, CRISC) preferred.
• Preferred skills in SharePoint and reporting services.
• Awareness of privacy concepts and regulations related to risk and resilience.

Verification: Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employer’s official letterhead, specifying name of employee, dates of employment, types of employment (part-time/full-time), job title(s), description of duties performed, and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employee’s class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income, earnings, business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at http://sfdhr.org/index.aspx?page=456.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

Compensation: $70.6875 - $88.9250 (hourly)/$147,030 - $184,964 (annually) 

How to Apply:

• Applicants are encouraged to apply immediately as this recruitment may close at any time, but not before Friday, January 17th, 2025.
  • Your application MUST include a resume.  To upload, please attach using the "additional attachments" function.

You may contact Lawlun Leung via email at [email protected] with questions regarding this opportunity.

Late or incomplete submissions will not be considered. Mailed, hand delivered or faxed documents/applications will not be accepted.

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview
• Equal Employment Opportunity
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

All your information will be kept confidential according to EEO guidelines.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.