The City and County of San Francisco (City) is excited to be hiring a Governance, Risk, and Compliance (GRC) security analyst. The analyst will support a critical function of the Office of Cybersecurity that will be directly responsible for reducing risks posed to the City. The analyst will be tasked with the important role of identifying, assessing, controlling, and monitoring risks throughout the Citywide enterprise. They will gain firsthand experience supporting and maturing a GRC program.
- Perform cyber risk assessments against City cybersecurity requirements.
- Conduct Vendor Risk Assessments to assess security posture of vendors.
- Support the cyber awareness training and education program, including phishing simulations.
- Track and monitor risk mitigation plans.
- Develop routine reports in accordance with GRC metrics.
- Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards.
- Conduct technical research to aid in threat assessment or risk mitigation activities.
- Perform assessments of adherence to standards.
- Perform review of policies and supporting procedures/processes.
- Stay on top of changes in the industry as it relates to security.
Qualifications:
Education:
An associate degree in business administration, public administration, information systems, economics, finance, computer science, or a closely related field from an accredited college or university, OR its equivalent in terms of total course credits/units, i.e. at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely related field.
Experience:
One (1) year in the information systems field, including technical support, content management, administration of network applications, or system analysis.
Substitution:
Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of two (2) years). One (1) year is equivalent to thirty (30) semester units / forty-five (45) quarter units with a minimum of 10 semester / 15 quarter units in one of the fields above or a closely related field.
Completion of the 1010 Information Systems Trainee Program may be substituted for the required degree.
Desirable Qualifications:
- Comfortable with quantitative risk management: Factor Analysis of Information Risk (FAIR).
- Familiar with GRC platforms (i.e. SNOW, LogicGate, OneTrust, etc.).
- Possess security certifications (i.e. Security, CISA, CISM, CRISC, etc.).
- Preferred skills in SharePoint and reporting services.
- Familiar with Privacy concepts.
Note: Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.
One year of full-time employment is considered equivalent to 2000 hours (2000 hours of qualifying work experience is based on a 40-hour work week). Any overtime hours that you work above forty (40) hours per week are not included in the calculation to determine full-time employment.
Additional Information:
Applicants will receive a confirmation email from that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.
Applicants may be contacted by email about this recruitment, and therefore it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@ @ @ @ @ @ @ @ @ @ @ @ @ @ and @).
Exam Analyst Information: If you have any questions regarding this recruitment or application process, please contact the analyst at
The City and County of San Francisco encourages women, minorities, and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.
Remote Work:
No
Employment Type:
Full-time