Technology Risk and Resilience Specialist (1054) Department of Technology

The Technology Risk and Resilience Specialist is responsible for developing implementing and maintaining risk management and resilience strategies to safeguard the organizations technology infrastructure. The specialist will work closely with various stakeholders to identify potential risks develop contingency plans and ensure that the organization is prepared to respond to and recover from disruptive events.

Major functions in this role include (and are not limited to):
 1.    Partner with various City departments to architect design and rigorously test resilience solutions for all critical City systems ensuring alignment with the citywide technology resilience program.
2.    Conduct in-depth Technology Risk Assessments and Business Impact Analyses (BIA) to pinpoint vulnerabilities in IT infrastructure assessing their potential impact on City operations and critical services.
3.    Work closely with technical engineering teams to comprehend evolving system architectures embedding resilience considerations into the design development and testing phases of IT projects.
4.     Design plan and lead comprehensive resilience testing and disaster recovery exercises collaborating with recovery teams to validate the robustness of critical systems and applications.
5.    Execute thorough cybersecurity risk assessments to ensure compliance with City cybersecurity mandates identifying and mitigating potential threats to the IT environment.
6.    Perform detailed Vendor Risk Assessments analyzing the security posture of third-party vendors and implementing risk mitigation strategies where necessary.
7.     Develop analyze and disseminate routine reports aligned with Governance Risk and Compliance (GRC) metrics providing actionable insights into the organizations risk management activities.
8.    Coordinate with technology and business units to assess implement and continuously monitor IT-related security risks ensuring a proactive approach to threat mitigation.
9.    Conduct technical research to support threat assessments staying ahead of emerging risks and adapting risk mitigation strategies accordingly.
10.    Regularly review and update IT policies procedures and processes to ensure alignment with industry standards regulatory requirements and best practices.
11.    Maintain an up-to-date understanding of industry changes related to security integrating cutting-edge developments into the organizations risk and resilience strategies

Appointment Type:

This Permanent Exempt (PEX) Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring.

Work Location

Incumbent will conduct the majority of work at the Department of Technology (1 S Van Ness Ave San Francisco CA 94103).  However there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary.

Nature of Work

The Department may offer a hybrid work schedule. Traveling within San Francisco may be required.

Qualifications :

Minimum Qualifications

Education: An associate degree in business administration public administration information systems economics finance computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units i.e. at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field.

Experience: Five (5) years of experience in the information systems field including system analysis business process design development and implementation of business application solutions or IT project management.

Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.

Desirable Qualifications 

• 2-3 years of experience in IT System Infrastructure Disaster Recovery Business Continuity and Risk Management.
• In-depth knowledge of Disaster Recovery (DR) and Business Continuity (BC) planning techniques technologies and best practices.
• Proven experience in executing technology recovery testing for enterprise applications and systems across data centers and cloud platforms.
• Demonstrated proficiency in BC/DR program execution managing process change projects and overseeing the full DR program lifecycle.
• Strong understanding of quantitative risk management including Factor Analysis of Information Risk (FAIR) and experience in applying these frameworks to resilience initiatives.
• Ability to effectively collaborate with technical non-technical and management stakeholders.
• Familiarity with Governance Risk and Compliance (GRC) platforms (e.g. ServiceNow SNOW LogicGate OneTrust).
• Relevant security certifications (e.g. Security CISA CISM CRISC) preferred.
• Preferred skills in SharePoint and reporting services.
• Awareness of privacy concepts and regulations related to risk and resilience.

Verification: Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employers official letterhead specifying name of employee dates of employment types of employment (part-time/full-time) job title(s) description of duties performed and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employees class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income earnings business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required information on how to verify education requirements including verifying foreign education credits or degree equivalency can be found at ones education training or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

Applicants must meet the minimum qualification requirement by the final application deadline unless otherwise noted. 

What Else Should I Know

Selection Procedures 

The selection process will include evaluation of applications in relation to minimum requirements and assessment of candidates job-related knowledge skills and abilities. Depending on the number of applicants the Department may establish and implement additional screening mechanisms to evaluate candidate qualifications. This typically includes an oral interview and/or a written or performance exercise.  

If this becomes necessary only those applicants whose qualifications most closely meet the  Department needs will be invited to continue in the selection process. Applicants meeting the minimum requirements are not guaranteed advancement in the selection process. 

To find Departments which use this classification please see: Information :

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview
• Equal Employment Opportunity
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

Compensation: $72.1125 - $90.7125 (hourly)/$149994 - $188682 (annually) 

How to Apply:   
Applications for City and County of San Francisco jobs are only accepted through an online process. Visithttps:// begin the application process.  

1. Select the Apply Now button and follow instructions on the screen  

For best practices on the application process please visit Apply for Jobs in the City and County of San Francisco Best Practices Guide. Applicants may be contacted by email about this announcement and therefore it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking applicants should set up their email to accept CCSF mail from the following addresses @ @ @ @ @ @ @ @ @ @ @ @ @ @ and @).  

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their to receive this email means that the online application was not submitted or received.  

All your information will be kept confidential according to EEO guidelines.  

HR Analyst Information: If you have any questions regarding this recruitment or application process please contact the assigned Human Resources Analyst Melanie Bautista at

Condition of Employment:   

The City and County of San Francisco encourages women minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex race age religion color national origin ancestry physical disability mental disability medical condition (associated with cancer a history of cancer or genetic characteristics) HIV/AIDS status genetic information marital status sexual orientation gender gender identity gender expression military and veteran status or other protected category under the law.

The City and County of San Francisco encourages women minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex race age religion color national origin ancestry physical disability mental disability medical condition (associated with cancer a history of cancer or genetic characteristics) HIV/AIDS status genetic information marital status sexual orientation gender gender identity gender expression military and veteran status or other protected category under the law.

Remote Work :

No

Employment Type :

Full-time