Chief Information Security Officer - 0941 SFPUC | City and County of San Francisco

Career Opportunity

Chief Information Security Officer - 0941 SFPUC

Recruitment: RTF0126129-01040392

Published: November 10, 2022

Contact:

Michelle Chee - MChee@sfwater.org

Apply using SmartRecruiters, the City and County of San Francisco's application portal.

Department: Public Utilities Commission
Job class: 0941-Manager VI
Starting salary range: $189,878.00 - $242,398.00 (Range A)
Role type: Permanent Civil Service What does this mean?
Hours: Full-time
Exam type: Position Based Test
Rule: Rule of the List
List type: Combined Promotive and Entrance

About:

GENERAL INFOMATION

Application Opening: November 10, 2022
Application Deadline: December 1, 2022
Analyst Name: Michelle Chee
Annual Salary: $175,864 - $224,484
List ID: PBT-0941-126131; RTF0126129

San Francisco Public Utilities Commission (SFPUC)
Headquartered in San Francisco, we have 2,300 employees operating across eight counties serving more than 2.7 million customers in the San Francisco Bay Area – 24 hours per day, 365 days per year.

Our Mission: To provide our customers with high quality, efficient, and reliable water, power, and wastewater services in a manner that values environmental and community interests and sustains the resources entrusted to our care.
Our Vision: We are an innovative utility leader, recognized for excellent results in service, safety, stewardship, and inclusiveness.

We are an award-winning and industry-leading utilities organization committed to our customers, community interests, and the environment. We value our highly qualified and dedicated workforce which ensures that this vision becomes a reality. To learn more about our organization, please visit our website at https://www.sfpuc.org/.

Role description

The Chief Information Security Officer (CISO) is an executive level position reporting to the Chief Information Officer (CIO) for the SFPUC. The CISO is directly responsible for understanding the business needs with the primary lens of Cybersecurity to ensure adequate Cybersecurity safeguards are in place for 3 Enterprise Divisions (Water, Power, Wastewater) and 17 Bureaus that make up the SFPUC. The CISO will proactively work to ensure the SFPUC effectively manages cybersecurity risks though the use of a standard industry cybersecurity frameworks and in alignment with both Committee on Information Technology (COIT) and Citywide Office of Cybersecurity (DT); while ensuring compliance to all regulatory requirements. A key element of the CISO’s role is working with management across the SFPUC to determine acceptable levels of risk for the organization. The CISO serves as the owner of all cybersecurity/information security, cybersecurity risk management, cybersecurity compliance and privacy activities agency wide. They will direct the development and implementation of timely agency wide cybersecurity goals, policies, standards, and strategic plans; manages the allocation of resources and service levels to meet business needs.

Essential Duties:

Directs the development and implementation of timely agency wide cybersecurity goals, policies, standards, and strategic plans; manages the allocation of resources and service levels to meet business needs
Oversees the operation of agency wide cybersecurity functions (listed below), activities and programs; sets objectives and monitors the performance of subordinate staff engaged in defined activities
- Identity, Access & Directory Services
- Cybersecurity Governance, Risk & Compliance (GRC)
- Cybersecurity Awareness & Training
- Cybersecurity Architecture & Engineering
- Cybersecurity Operations
- Facilitate Litigation Support & Technical
- Requests/Inquiries/Investigations
- Disaster Recovery & Resilience
Monitors the cybersecurity organizational structure, staff assignments, service levels and administrative systems required to accomplish the agency's mission and objectives in an effective and efficient manner; directs the identification and analysis of opportunities for service enhancements.
Consults with the COIT and the Citywide Office of Cybersecurity regarding the activities of the functional area assigned and coordinates within the Agency to address service needs; may represent the Agency before or provide information to commissions, boards, committees and representatives from federal, state and local agencies, organizations, Information Sharing Analysis Centers (ISACs) and the media.

How to qualify

Bachelor of Science Degree in Computer Science or related field; AND
Four (4) years of verifiable IT Cybersecurity management experience for a utility organization, all of which must include supervisory

Substitution: Additional experience as described above may be substituted for the required degree on a year-for-year basis. One (1) year is equivalent to thirty (30) semester or forty-five (45) quarter units.

Desirables:

Cybersecurity experience with Supervisory Control and Data Acquisition (SCADA)
Experience with WECC/NERC regulation and compliance
IT project management experience, including developing, maintaining, and monitoring operational performance budgets and business strategies

Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted. Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment process. For education verification information, including verifying foreign education equivalency, click HERE.

All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications. Resumes will not be accepted in lieu of a completed City and County of San Francisco application.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

What else should I know?

Compensation and Benefits: The normal annual salary range is $175,864 - $224,484. Appointment above the maximum of the normal range may be considered based on documented and substantiated recruitment and retention issues or exceptional skills. A special approval process is necessary for appointment above the normal salary range.

In addition, the City and County of San Francisco (City) offers comprehensive benefit programs which include:

Medical, Vision, Dental, and Life insurance
Long-term disability plan; Flexible Spending Accounts
Pension Plan; Retiree Healthcare; Deferred Compensation Program
Paid Management Training Program; Wellness Program
Paid Vacation, Holidays, Sick Leave; Management Leave

Learn more about the City’s Management Benefits.

HOW TO APPLY
Applications for City and County of San Francisco jobs are only accepted through an online process. Select the “I’m Interested” button and follow instructions on the screen.

Applicants may be contacted by email about this recruitment and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org, @famsf.org, @ccsf.edu, @smartalerts.info, and @smartrecruiters.com).

Having Trouble?
If you are having trouble with the application, please visit Smart Recruiter's FAQs or email supportfeedback@smartr.me. It is suggested you use Google Chrome or Microsoft Edge web browser to submit the application.

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

EXAM INFORMATION
Exam Type: Combined Promotive Entrance (CPE)
Certification : Rule of the List
Eligible List Duration: Twelve (12) months
The duration of the eligible list may be extended with the approval of the Human Resources Director.

Selection Procedures
After application submission, candidates deemed qualified must complete all subsequent steps to advance in this selection process, which includes the following:

Minimum Qualification Supplemental Questionnaire (MQSQ) completed online (Qualifying)
Online Supplemental Essay Exam (100%)

Minimum Qualification Supplemental Questionnaire (MQSQ)
Once the application is closed, qualified candidates will be sent a Minimum Qualification Supplemental Questionnaire (MQSQ) to complete.

Supplemental Questionnaire Essay Exam (100%)
The purpose of the Supplemental Questionnaire (SQ) is to evaluate the experience, knowledge, skills and abilities that candidates possess in job-related areas, which have been identified as critical for this position and include, but are not limited to: Knowledge of cybersecurity frameworks, utility regulatory compliance (NERC-CIP), technical skills, risk management, decision making, communication, and supervision skills.

Qualified candidates will be sent email notices to complete the MQSQ and SQ exam. Failure to complete these steps by the established deadlines will result in disqualification.

A passing score must be achieved on the exam to be placed on the eligible list and continue in the selection process. Additional selection processes, like interviews, may be conducted by the hiring department prior to making final hiring decisions.

Score Report/Eligible List
A confidential eligible list of applicant names that have passed the civil service examination process will be created, and used for certification purposes only. An examination score report will be established, so applicants can view the ranks, final scores and number of eligible candidates. Applicant information, including names of applicants on the eligible list, shall not be made public unless required by law. However, an eligible list shall be made available for public inspection, upon request, once the eligible list is exhausted or expired and referrals resolved. The eligible list/score report resulting from this civil service examination process is subject to change after adoption (e.g., as a result of appeals), as directed by the Human Resources Director or the Civil Service Commission.
To find Departments which use this classification, please see https://sfdhr.org/sites/default/files/documents/Forms-Documents/Position-Counts-by-Job-Codes-and-Department-FY-2021-22.pdf.”

Additional Information Regarding Employment with the City and County of San Francisco:

Applicants must be guided solely by the provisions of this announcement, including requirements, time periods and other particulars, except when superseded by federal, state or local laws, rules or regulations. Clerical errors may be corrected by the posting the correction on the Department of Human Resources website at https://careers.smartrecruiters.com/CityAndCountyOfSanFrancisco1/

The terms of this announcement may be appealed under Civil Service Rule 111A.35.1. The standard for the review of such appeals is ‘abuse of discretion’ or ‘no rational basis’ for establishing the position description, the minimum qualifications and/or the certification rule. Appeals must include a written statement of the item(s) being contested and the specific reason(s) why the cited item(s) constitute(s) abuse of discretion by the Human Resources Director. Appeals must be submitted directly to the Executive Officer of the Civil Service Commission within five business days of the announcement issuance date.

All your information will be kept confidential according to EEO guidelines.

If you have any questions regarding this recruitment or application process, please contact the exam analyst, Michelle Chee by email at mchee@sfwater.org.
MC/PBT-0941-01040932

CONDITION OF EMPLOYMENT: All City and County of San Francisco employees are required to be fully vaccinated against COVID-19 as a condition of employment. Someone is fully vaccinated when 14 days have passed since they received the final dose of a two-shot vaccine or a dose of a one-shot vaccine. Any new hire must present proof of full vaccination status to be appointed. Any new hire who will be routinely assigned or occasionally enter High-Risk Settings, must provide proof of having received a COVID-19 booster vaccine by March 1, 2022, or once eligible.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.