Head of Cyber Risk and Compliance

5 days ago


San Jose, California, United States City of San José Full time $170,679 - $208,855 per year

Our diverse and inclusive workforce of more than 7,000 employees plays a key role in the success of San José, the heart of the Silicon Valley. All City of San José employees work together as one team to make San José a vibrant, innovative, and desirable place to live and work. Visit here to learn more about our One Team Leadership Values and Expectations, including quality and excellent customer service, and here to learn more about San José.

The City of San José is an equal opportunity employer. Applicants for all job openings will be considered without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, veteran status or any other consideration made unlawful under any federal, state or local laws. The City of San José is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at , 711 (TTY), or via email at

About The Department
The City of San José innovates to provide exceptional civic services using advanced technologies to help our community thrive.

As one of the largest cities in the nation, the City manages a large set of services and assets and operates on a budget of $5.6 billion, with approximately 7,000 employees, serving about 1 million residents and 60,000 businesses employing 415,000 workers in the heart of Silicon Valley.

The Information Technology Department's (ITD) mission is to enrich the quality of life in San José through innovation, collaboration, and engagement. ITD enables that mission through business and infrastructure systems, cybersecurity, data management and analysis, responsible use of Artificial Intelligence (AI), productivity and collaboration tools, the San José 311 resident experience platform, data equity and privacy programs, and strategic planning. San José is powered by truly great people, a robust technology environment, and a strong sense of purpose.

The IT department is a leader in innovation, embracing cutting-edge technologies and pioneering solutions to enhance efficiency and quality of life in San José. As part of this effort, the City leads a national initiative for AI through the GovAI Coalition, which was established to give local governments a voice in shaping the future of AI, ensuring it is developed responsibly and for the public good.

Promoting the City's commitment to equity and inclusion, we believe that all members of the community, regardless of background, have access to the tools and resources needed to thrive in the digital age. San José is in the heart of Silicon Valley, which boasts a rich history in technology, education, and agriculture. Over half of San José residents speak a language other than English at home, highlighting the importance of language accessibility in all City services. By fostering inclusivity, promoting digital literacy, and building accessible platforms, we are advancing technology while creating a more equitable future for everyone.

At the City of San José, we promote work-life alignment and a focus on growth to bring out the best in our people. Come join us in making San José the most vibrant, equitable, sustainable, and innovative city in the nation. Visit the Information Technology Department's website to learn about our culture, vision, leadership, and innovative initiatives.

Position Duties

NOTE – The first review of applications will be on Thursday, October 23, 2025. Please submit your application by 12:00 p.m. (PST) on Thursday, October 23, 2025, if you would like your application to be included in the first review. Candidates who pass the first application review round will be invited to interviews the week of November 17, 2025.
Position and Duties
The City of San José's Information Technology Department (ITD) is seeking an experienced and forward-thinking leader to serve as the Head of Cyber Risk and Compliance (Enterprise Technology Manager) with a focus on Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), and Risk Management. Reporting to the City Information Security Officer (CISO), this role provides senior-level leadership for cybersecurity governance, regulatory compliance, access control, and enterprise risk initiatives that safeguard City services, data, and critical infrastructure.

The Head of Cyber Risk and Compliance will play a critical leadership role in strengthening the City's security governance structure, managing enterprise risks, and ensuring effective identity and access controls across the organization. This position requires a leader who can balance regulatory compliance, security best practices, and operational needs, while fostering a culture of accountability and resilience.

Key responsibilities include, but are not limited to:

  • Represent the cybersecurity program in executive meetings, steering committees, and inter-agency collaborations.
  • Collaborate with external partners, including the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice's Federal Bureau of Investigation (FBI), and State agencies, on compliance, risk, and threat intelligence initiatives.
  • Promote Citywide cybersecurity awareness programs, with emphasis on governance, risk, and compliance accountability.
  • Lead the planning, execution, and delivery of complex cross-functional projects, ensuring alignment with organizational priorities and stakeholder expectations.
  • Lead enterprise risk assessments, threat modeling, and business impact analyses by establishing standardized frameworks to evaluate organizational risk posture and align findings with enterprise objectives.
  • Oversee cross-departmental collaboration to identify vulnerabilities, analyze threats, assess potential impacts, and translate results into actionable mitigation strategies that inform executive decision-making.
  • Oversee regulatory compliance initiatives, ensuring continuous audit readiness and timely fulfillment of reporting requirements to meet federal, state, and industry standards.
  • Provide governance and oversight to maintain adherence to applicable framework, regulatory and certification requirements.
  • Coordinate with internal and external auditors and deliver clear risk mitigation and compliance reporting to executive leadership and regulatory bodies.
  • Integrate risk management processes into City projects, procurement, and vendor engagements.
  • Collaborate with IT operations and emergency management teams on disaster recovery and business continuity planning.
  • Lead the City's cybersecurity GRC program, ensuring alignment with frameworks such as NIST CSF, ISO 27001, CJIS, PCI DSS, and other applicable standards.
  • Develop, implement, and enforce Citywide cybersecurity policies, standards, and procedures.
  • Provide metrics and dashboards on risk posture, policy adoption, and compliance to executive leadership.
  • Direct the City's IAM strategy, including identity lifecycle management, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).
  • Ensure secure onboarding, offboarding, and role-based access controls (RBAC) across City departments.
  • Implement and govern Zero Trust principles to reduce insider and external access risks.
  • Partner with IT and business units to advance identity governance and automation.
  • Develop and maintain the enterprise Disaster Recovery Plan as well as information systems contingency plans for each system. Perform table-top exercises in accordance with City policy (e.g., every other year).

Please note that the Head of Cyber Risk and Compliance (Enterprise Technology Manager) position is eligible for a hybrid telework schedule, which is subject to change. The City is currently on a 32-hour onsite workweek.

Salary Information:
The final candidate's qualifications and experience shall determine the actual salary. In addition to the starting salary, employees in the Enterprise Technology Manager (ETM) classification shall also receive an approximate five percent (5%) ongoing non-pensionable compensation pay.

  • Salary Range (including the 5% NPWI): $170,679.60 – $208,855.92

The ETM classification is represented by the City Association of Management Personnel (CAMP) bargaining unit.

Minimum Qualifications
Education and Experience:
Bachelor's degree from an accredited college or university with coursework in computer science, information systems, business administration, or closely related field AND seven (7) years of experience managing, maintaining and implementing significant technology programs, computer system infrastructure and design, network operations, security design, application development and configurations and system/server administration, including a combination of five (5) years of supervisory and project personnel management experience, of which at least two (2) years should be supervisory experience over a technical team.

Required Licensing (such as driver's license, certifications, etc.):
Possession of a valid State of California driver's license.

Passing the San Jose Police Department (SJPD) background check is also a condition of employment.

Other Qualifications
Competencies
The ideal candidates will possess the following competencies, as demonstrated in past and current employment history. The ideal candidate will possess a combination of technical, governance, and leadership expertise to oversee the City's Governance, Risk, and Compliance (GRC) and Identity & Access Management (IAM) operations:

Job Expertise

Demonstrates knowledge of and experience with applicable professional/technical principles and practices, Citywide and departmental procedures/policies, and federal and state rules and regulations.

  • Seven or more (7+) years of experience in information security and/or compliance (FISMA, SOX, PCI, HIPAA, etc.), risk management, including threat modeling, vulnerability assessment, and/or incident response.
  • Five or more (5+) years directly managing and leading cross-functional technical cybersecurity teams.
  • Experience managing complex, multiple and/or cross-departmental/divisional projects at once.
  • Skilled in program management, executive communication, and collaboration with internal stakeholders, external auditors, and partner agencies.
  • Strong knowledge of regulatory frameworks and standards applicable to government, including NIST Cybersecurity Framework, NIST 800-53, CJIS, PCI DSS, and HIPAA.
  • Proven ability to ensure audit readiness, manage internal controls, develop and enforce policies, and oversee third-party risk management programs.
  • Ability to communicate security-related concepts to a broad range of technical and non-technical audiences, acting as a bridge between IT and business process owners.
  • Experience working with third-party service providers in the delivery of outsourced cybersecurity contract services to augment and/or run cybersecurity programs and/or in assessing and selecting security tools.
  • Strong understanding of cloud security, including familiarity with security challenges and solutions in cloud environments (Azure, Hyperconverged Infrastructure, private cloud, etc.).
  • Strong understanding of secure network architecture, VPNs, secure web gateways, firewalls, and network segmentation as it relates to risk mitigation.
  • Familiarity with Identity and Access Management (IAM) operations, including access reviews, password management, multi-factor authentication (MFA), privileged account management, and other access controls.
  • Familiarity with Identity and Access Management (IAM) authentication protocols and concepts, including SAML, SSO, LDAP, OAuth, OpenID, etc.
  • Possess and maintain a current, terminal-level cybersecurity credential such as:
      • Certified Information Systems Security Professional (CISSP);
      • Certified Information Systems Auditor (CISA);
      • Certified Information Security Manager (CISM);
      • Certified in the Governance of Enterprise IT (CGEIT);
      • Certified in Risk and Information Systems Control (CRISC); and/or
      • An equivalent professional, industry-recognized certification acceptable to the City.
  • Ability to obtain and maintain SECRET Security Clearance within a reasonable period of time acceptable to the City.

Building Trust

Communicates an understanding of the other person's interests, needs and concerns; identifies and communicates shared interests and goals; identifies and communicates differences as appropriate; demonstrates honesty, keeps commitments, and behaves in an appropriate manner.

Project Management

Ensures support for projects and implements agency goals and strategic objectives.

Leadership

Leads by example; demonstrates high ethical standards; remains visible and approachable and interacts with others on a regular basis; promotes a cooperative work environment, allowing others to learn from mistakes; provides motivational supports and direction.

Conflict Management

Uses appropriate interpersonal styles and methods to reduce tension or conflict between two or more people, by presenting the facts, analysis, and conclusions or solutions that show command of content and perspectives and interests of the audience.

Problem Solving

Approaches a situation or problem by defining the problem or issue; determines the significance of problem; collects information; uses logic and intuition to arrive at decisions or solutions to problems that achieve the desired outcome.

Communication Skills

Effectively conveys information and expresses thoughts and facts clearly, orally and in writing; demonstrates effective use of listening skills; displays openness to other people's ideas and thoughts.

Multi-Tasking

Can handle multiple projects and responsibilities simultaneously; has handled a wide variety of assignments in past and/or current position(s).

Political Skill

In taking action, demonstrates an understanding and consideration of how it will impact stakeholders and affected areas in the organization.

Supervision

Sets effective long and short-term goals based on a good understanding of management practices; establishes realistic priorities within available resources; provides motivational support; empowers others; assigns decision-making and work functions to others in an appropriate manner to maximize organizational and individual effectiveness.

Technology Use/Management

Uses efficient and cost-effective approaches to integrate technology into the workplace and improve program effectiveness.

Selection Process
The selection process will consist of an evaluation of the applicant's training and experience based on the application and responses to all the job-specific questions. You must answer all questions to be considered, or your application may be deemed incomplete and withheld from further consideration. Only those candidates whose backgrounds best match the position will be invited to proceed in the selection process. Additional phases of the selection process will consist of one or more interviews, one of which may include a practical and/or writing exercise.

If you have questions about the duties of these positions, the selection, or the hiring processes, please contact Tram Nguyen at

Additional Information:
Employment Eligibility:
Federal law requires all employees to provide verification of their eligibility to work in this country. Please be informed that the City of San Jose will NOT sponsor, represent or sign any documents related to visa applications/transfers for H1-B or any other type of visa which requires an employer application.

You must answer all job-specific questions to be considered for this vacancy or your application will be deemed incomplete and withheld from further consideration. Applicants are expected to write their own essays/responses.

Please note that applications are currently not accepted through CalOpps or any other third party job board application system.

This recruitment may be used to fill multiple positions in this, or other divisions or departments. If you are interested in employment in this classification, you should apply to ensure you are considered for additional opportunities that may utilize the applicants from this recruitment.

Please allow adequate time to complete the application and submit before the deadline or the system may not save your application. If your online application was successfully submitted, you will receive an automatic confirmation email to the email address you provided. IF YOU DO NOT RECEIVE THE CONFIRMATION, please email and we will research the status of your application.

