DEPUTY CHIEF INFORMATION SECURITY OFFICER

The Department Of Technology (DT) Is Looking For Passionate IT Professionals To Help Shape The Future Of Technology In San Francisco As The Centralized Technology Services Provider For The City And County Of San Francisco (CCSF), DT Delivers Critical Infrastructure And Services To Over 33,000 Employeessupporting Public Safety, Municipal Broadband, Cybersecurity, Cloud Solutions, And More With a $140M+ Annual Budget And a Team Of 300+ Experts, DT Is Leading The Charge In Digital Transformation. IT Project Management Office
Enterprise Application Services
Cloud Center of Excellence
IT Operations and Support including the Service Desk and NOC
City Infrastructure including the Network, Telcom and Data Centers
Office of Cybersecurity including Cyber Defense, Identity Management and Disaster Recovery
Public Safety Systems and Municipal Broadband Fiber
Emerging Technologies
Your expertise will directly impact the residents of San Francisco, from closing the digital divide to ensuring secure, efficient city operations.
Competitive pay, benefits, and retirement options
Career growth opportunities through training, internal mobility, and subsidized education
The City and County of San Francisco's Department of Technology (DT), Office of Cybersecurity, is seeking a Deputy Chief Information Security Officer (Deputy CISO) to support the City's Chief Information Security Officer (CISO) in leading the development, implementation, and management of the Citywide Cybersecurity Program. This executive-level position is responsible for guiding risk management, governance, and cybersecurity operations in alignment with the National Institute of Standards and Technology (NIST) Cybersecurity Framework and City policies. The Deputy CISO will also:
Oversee the day-to-day operations of the Cyber Defense division, including cyber detection, monitoring, incident response, and investigation.
Support monitoring and optimizing DT\'s organizational structure, staffing, and service levels, ensuring effective cybersecurity practices across the City and County.
Assist the City CISO with financial and strategic planning for the Office of Cybersecurity, and help coordinate communications with City staff, Departmental Information Security Officers, and external partners at the state and federal levels.
Play a critical leadership role in advancing the City and County of San Francisco\'s cybersecurity posture, supporting the Chief Information Security Officer (CISO) in defining and executing the City\'s cybersecurity strategy and roadmap.
Serves as acting CISO when required and ensures alignment of City cybersecurity policies, standards, and practices with compliance frameworks such as NIST CSF, HIPAA, and PCI-DSS.
Leads the Cyber Defense Division, overseeing staff responsible for 24/7 cyber incident response, security data analytics, and detection and response solutions. This includes managing complex, multi-year deployments of cybersecurity monitoring technologies across more than 50 City departments, and creating Citywide cyber incident response procedures and standards.
Guide the development and implementation of multi-year cybersecurity programs that strengthen operational resilience.
Be responsible for office-wide coordination across cybersecurity functionsoverseeing internal procedures, standards, budget development, vendor procurements, and strategic staffing activities including recruitment, hiring, performance evaluation, and staff development.
Partner with executive leadership, department heads, and external agencies to advance cybersecurity objectives Citywide and coordinate communication across departments and with the public to raise cybersecurity awareness, including outreach related to cyber scams.
Serves as a liaison with key federal and regional partners such as the FBI and the Northern California Regional Intelligence Center (NCRIC), and tracks and reports key cybersecurity performance and risk metrics to City leadership.
Baccalaureate degree in computer science, cybersecurity, risk management or a closely related field from an accredited college or university AND
At least seven (7) years of experience working in risk management and information security in a multi-department organization of which 3 years must include experience supervising professionals.
Additional experience in information technology may substitute for the Bachelor\'s degree on a year-for-year basis (e.g., four (4) additional years of experience can substitute for a bachelor\'s degree, two (2) to three (3) years of additional experience along with an Associate\'s degree (AA) or equivalent may substitute for the bachelor\'s degree).
fostering collaboration, accountability, and high performance while driving measurable results.
Strategic thinker with proven ability to develop and execute long-term cybersecurity and technology plans aligned with organizational mission, risk tolerance, and operational priorities.
Track record of optimizing operational processes, improving efficiency, and managing complex, cross-functional initiatives with a focus on continuous improvement and risk reduction.
Deep experience in enterprise cybersecurity programs, including governance, risk management, policy development, and security operations in highly regulated, complex environments.
Skilled at translating cybersecurity and technology risk into clear business and operational impacts for executive leadership, enabling informed decision-making.
Demonstrated ability to lead incident response and resilience efforts, coordinating across technical teams, executives, legal, privacy, and communications during high-pressure situations.
Commitment to talent development through mentorship, coaching, and workforce planning, fostering inclusive, high-performing teams and long-term organizational capability.
Ability to leverage technology for competitive advantage and growth, aligning innovation with departmental and organizational objectives.
Applicants may be required to submit verification of qualifying education and experience at any point in the application and/or departmental selection process. Written verification must be submitted on employers official letterhead, specifying name of employee, dates of employment, types of employment (part-time/full-time), job title(s), description of duties performed, and the verification must be signed by the employer. Experience claimed in self-employment must be supported by documents verifying income, earnings, business license and experience comparable to the minimum qualifications of the position. Copies of income tax papers or other documents listing occupations and total earnings must be submitted. Note: Falsifying ones education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.
Permanent Exempt (PEX), Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is twelve (12) months and will not result in an eligible list or permanent civil service hiring. Project-based posi]]