IS Cybersecurity Business Analyst (1052) - Department of Technology

The City and County of San Francisco (City) are excited to be hiring a Governance, Risk, and Compliance (GRC) security analyst. The analyst will support a critical function of the Office of Cybersecurity that will be directly responsible for reducing risks posed to the City. The analyst will be tasked with the important role of identifying, assessing, controlling, and monitoring risks through the Citywide enterprise. They will gain firsthand experience supporting and maturing a GRC program.

• Perform cyber risk assessments against City cybersecurity requirements.
• Conduct Vendor Risk Assessments to assess security posture of vendors.
• Support the cyber awareness training and education program, including phishing simulations.
• Track and monitor risk mitigation plans.
• Develop routine reports in accordance with GRC metrics
• Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards
• Conduct technical research to aid in threat assessment or risk mitigation activities
• Perform assessments of adherence to standards
• Perform review of policies and supporting procedures/processes.
• Stay on top of changes in the industry as it relates to security.