Technology Risk and Resilience Specialist (1054) - Department of Technology

The Technology Risk and Resilience Specialist is responsible for developing, implementing, and maintaining risk management and resilience strategies to safeguard the organization's technology infrastructure. The specialist will work closely with various stakeholders to identify potential risks, develop contingency plans, and ensure that the organization is prepared to respond to and recover from disruptive events.

Major functions in this role include (and are not limited to):
 1.    Partner with various City departments to architect, design, and rigorously test resilience solutions for all critical City systems, ensuring alignment with the citywide technology resilience program.
2.    Conduct in-depth Technology Risk Assessments and Business Impact Analyses (BIA) to pinpoint vulnerabilities in IT infrastructure, assessing their potential impact on City operations and critical services.
3.    Work closely with technical engineering teams to comprehend evolving system architectures, embedding resilience considerations into the design, development, and testing phases of IT projects.
4.     Design, plan, and lead comprehensive resilience testing and disaster recovery exercises, collaborating with recovery teams to validate the robustness of critical systems and applications.
5.    Execute thorough cybersecurity risk assessments to ensure compliance with City cybersecurity mandates, identifying and mitigating potential threats to the IT environment.
6.    Perform detailed Vendor Risk Assessments, analyzing the security posture of third-party vendors and implementing risk mitigation strategies where necessary.
7.     Develop, analyze, and disseminate routine reports aligned with Governance, Risk, and Compliance (GRC) metrics, providing actionable insights into the organization's risk management activities.
8.    Coordinate with technology and business units to assess, implement, and continuously monitor IT-related security risks, ensuring a proactive approach to threat mitigation.
9.    Conduct technical research to support threat assessments, staying ahead of emerging risks and adapting risk mitigation strategies accordingly.
10.    Regularly review and update IT policies, procedures, and processes to ensure alignment with industry standards, regulatory requirements, and best practices.
11.    Maintain an up-to-date understanding of industry changes related to security, integrating cutting-edge developments into the organization's risk and resilience strategies

Appointment Type:

This Permanent Exempt (PEX), Full Time position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the appointment officer. The anticipated duration of this project position is thirty-six (36) months and will not result in an eligible list or permanent civil service hiring.

Work Location

Incumbent will conduct the majority of work at the Department of Technology, (1 S Van Ness, Ave San Francisco, CA 94103).  However, there may be situations where the incumbent will be required to work at other sites throughout the City of San Francisco as necessary.

Nature of Work

The Department may offer a hybrid work schedule. Traveling within San Francisco may be required.