DEPUTY CHIEF INFORMATION SECURITY OFFICER (0933) Department of Technology

The City and County of San Franciscos Department of Technology (DT) Office of Cybersecurity is seeking a Deputy Chief Information Security Officer (Deputy CISO) to support the Citys Chief Information Security Officer (CISO) in leading the development implementation and management of the Citywide Cybersecurity Program. This executive-level position is responsible for guiding risk management governance and cybersecurity operations in alignment with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and City policies.  The Deputy CISO will also: 

• Oversee the day-to-day operations of the Cyber Defense division including cyber detection monitoring incident response and investigation.
• Support monitoring and optimizing DTs organizational structure staffing and service levels ensuring effective cybersecurity practices across the City and County.
• Take strategic leadership role requiring deep cybersecurity expertise experience managing complex organizational dynamics and a demonstrated ability to lead large-scale technical initiatives in the public sector.
•  Assist the City CISO with financial and strategic planning for the Office of Cybersecurity and help coordinate communications with City staff Departmental Information Security Officers and external partners at the state and federal levels.
• Play a critical leadership role in advancing the City and County of San Franciscos cybersecurity posture supporting the Chief Information Security Officer (CISO) in defining and executing the Citys cybersecurity strategy and roadmap.
• Serves as acting CISO when required and ensures alignment of City cybersecurity policies standards and practices with compliance frameworks such as NIST CSF HIPAA and PCI-DSS.
• Leads the Cyber Defense Division overseeing staff responsible for 24/7 cyber incident response security data analytics and detection and response solutions. This includes managing complex multi-year deployments of cybersecurity monitoring technologies across more than 50 City departments and creating Citywide cyber incident response procedures and standards.
• Guide the development and implementation of multi-year cybersecurity programs that strengthen operational resilience.
• Be responsible for office-wide coordination across cybersecurity functionsoverseeing internal procedures standards budget development vendor procurements and strategic staffing activities including recruitment hiring performance evaluation and staff development.
• Partner with executive leadership department heads and external agencies to advance cybersecurity objectives Citywide and coordinate communication across departments and with the public to raise cybersecurity awareness including outreach related to cyber scams.
• Serves as a liaison with key federal and regional partners such as the FBI and the Northern California Regional Intelligence Center (NCRIC) and tracks and reports key cybersecurity performance and risk metrics to City leadership.

Qualifications :

Baccalaureate degree in computer science cybersecurity risk management or a closely related field from an accredited college or university AND      

At least seven (7) years of experience working in risk management and information security in a  multi-department organization of which 3 years must include experience supervising professionals.

Additional experience in information technology may substitute for the Bachelors degree on a year-for -year basis (e.g. four (4) additional years of experience can substitute for a bachelors degree two (2) to three (3) years of additional experience along with an Associates degree (AA) or equivalent may substitute for the bachelors degree).

Desirable Qualifications

• Strong leadership abilities managing and guiding diverse multidisciplinary teams; fostering collaboration accountability and high performance while driving measurable results.
• Strategic thinker with proven ability to develop and execute long-term cybersecurity and technology plans aligned with organizational mission risk tolerance and operational priorities.
• Track record of optimizing operational processes improving efficiency and managing complex cross-functional initiatives with a focus on continuous improvement and risk reduction.
• Deep experience in enterprise cybersecurity programs including governance risk management policy development and security operations in highly regulated complex environments.
• Proficient in cybersecurity frameworks and standards (e.g. NIST CSF 2.0 NIST 800-53 ISO 27001) with the ability to apply them pragmatically across diverse departments.
• Skilled at translating cybersecurity and technology risk into clear business and operational impacts for executive leadership enabling informed decision-making.
• Demonstrated ability to lead incident response and resilience efforts coordinating across technical teams executives legal privacy and communications during high-pressure situations.
• Excellent communication skills both verbal and written to effectively convey complex technical concepts to non-technical stakeholders brief senior leadership and build trusted relationships with internal and external partners.
• Experience working in highly governed or regulated environments with strong understanding of audit compliance privacy and public-sector accountability requirements.
• Commitment to talent development through mentorship coaching and workforce planning fostering inclusive high-performing teams and long-term organizational capability.
• Ability to leverage technology for competitive advantage and growth aligning innovation with departmental and organizational objectives.

Highly desirable certifications may include the following (or a recognized professionally accepted equivalent): 

• International System Security Certification Consortium (ISC2) Certification 
• Certified Information Systems Security Professional (CISSP) 
• Information Systems Audit and Control Association (ISACA) Certification 
• Certified in Risk and Information Systems Control (CRISC)

Verification: Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification (proof) of qualifying experience must verify that the applicant meets the minimum qualifications stated on the announcement. Written verification must be submitted on employers official letterhead specifying name of employee dates of employment types of employment (part-time/full-time) job title(s) description of duties performed and the verification must be signed by the employer. City employees will receive credit for the duties of the class to which they are appointed. Credit for experience obtained outside of the employees class will be allowed only if recorded in accordance with the provisions of the Civil Service Commission Rules. Experience claimed in self-employment must be supported by documents verifying income earnings business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. If education verification is required information on how to verify education requirements including verifying foreign education credits or degree equivalency can be found at ones education training or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

Applicants must meet the minimum qualification requirement by the final application deadline unless otherwise noted. 

Additional Information :

Permanent Exempt (PEX) Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is twelve (12) months and will not result in an eligible list or permanent civil service hiring. Project-based positions cannot be ongoing or exceed 36 months

Work Location

Incumbent will conduct the majority of work at the Department of Technology (1 South Van Ness San Francisco CA 94103).  However there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary.

Nature of Work

Incumbent must be willing to work 40 hours a week in the office or field Monday - Friday.  Travel within San Francisco will be required.

Applicants are encouraged to apply immediately as this recruitment may close at any time but not before February 6 2026.

1. Your application MUST include a resume.  To upload please attach using the additional attachments function.
2. You may contact Lawlun Leung via email at  with questions regarding this opportunity.
3. Late or incomplete submissions will not be considered. Mailed hand delivered or faxed documents/applications will not be accepted.

How to Apply:   
Applications for City and County of San Francisco jobs are only accepted through an online process. Visithttps:// begin the application process.  

1. Select the Apply Now button and follow instructions on the screen  

For best practices on the application process please visit Apply for Jobs in the City and County of San Francisco Best Practices Guide. Applicants may be contacted by email about this announcement and therefore it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking applicants should set up their email to accept CCSF mail from the following addresses @ @ @ @ @ @ @ @ @ @ @ @ @ @ and @).  

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their to receive this email means that the online application was not submitted or received.  

All your information will be kept confidential according to EEO guidelines.  

Additional Information Regarding Employment with the City and County of San Francisco:

• Information About the Hiring Process
• Conviction History
• Employee Benefits Overview
• Equal Employment Opportunity
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

The City and County of San Francisco encourages women minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex race age religion color national origin ancestry physical disability mental disability medical condition (associated with cancer a history of cancer or genetic characteristics) HIV/AIDS status genetic information marital status sexual orientation gender gender identity gender expression military and veteran status or other protected category under the law.

The City and County of San Francisco encourages women minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex race age religion color national origin ancestry physical disability mental disability medical condition (associated with cancer a history of cancer or genetic characteristics) HIV/AIDS status genetic information marital status sexual orientation gender gender identity gender expression military and veteran status or other protected category under the law.

Remote Work :

No

Employment Type :

Full-time