Career Opportunity

Cybersecurity Governance, Risk, & Compliance Analyst (Principal Administrative Analyst) – Cybersecurity - ITS - SFPUC (1824) 133942

Recruitment: RTF0133941-01154144

Published: May 01, 2023

Apply using SmartRecruiters, the City and County of San Francisco's application portal.

About:

• Application Opening: 05/01/2023
• Application Filing Deadline: 05/15/2023
• Annual Salary: $128,050 to $155,662 Annually 
• Recruitment ID:  RTF0133941-01154144 (TEX-1824-133942)

APPOINTMENT TYPE: Temporary Exempt: This position is excluded by the Charter from the competitive Civil Service examination process and shall serve at the discretion of the Appointing Officer. The duration of the appointment shall not exceed 36 months.

WHO ARE WE?
San Francisco Public Utilities Commission (SFPUC)
Headquartered in San Francisco, we have 2,300 employees operating across eight counties serving more than 2.7 million customers in the San Francisco Bay Area – 24 hours per day, 365 days per year.

Our Mission: To provide our customers with high quality, efficient, and reliable water, power, and wastewater services in a manner that values environmental and community interests and sustains the resources entrusted to our care.

Our Vision: We are an innovative utility leader, recognized for excellent results in service, safety, stewardship, and inclusiveness.

We are an award-winning and industry-leading utilities organization committed to our customers, community interests, and the environment. To learn more about our organization, please visit our website at https://www.sfpuc.org/.

We are proud of our infrastructure and programs, but most importantly, we value our highly qualified and dedicated workforce which ensures that this vision becomes a reality.

To learn more about working at the SFPUC, visit our career site at https://www.sfpuc.org/about-us/careers-sfpuc

Role description

Cybersecurity Governance, Risk, & Compliance 1824 Principal Administrative Analyst 

Location: 525 Golden Gate Ave, San Francisco, CA 94102, USA

Standard Business Hours: (Monday – Friday/ 8am – 5pm)

______

POSITION DESCRIPTION

Under the general direction of the Chief Information Security Officer (CISO), this Principal Administrative Analyst will be focused on the Governance, Risk & Compliance (GRC), Awareness & Training, Audits and Reporting aspects of the cybersecurity program. This Cybersecurity Analyst is responsible for monitoring cybersecurity industry standard practices to ensure the safety, secure and resilient IT and OT (Operational Technology) environments at the San Francisco Public Utilities Commission (SFPUC). In this role, the Cybersecurity Analyst will assist with the coordination of cybersecurity activities and collaborate Agency-wide and ensure alignment with external policymakers.

In addition to cybersecurity knowledge, this role requires business acumen. Including the ability to collaborate internally Agency-wide and within the larger Citywide cybersecurity ecosystem.

Essential functions of this position include:

• Manage the SFPUC cybersecurity Policies, Standards, and Guidelines to ensure the SFPUC cybersecurity expectation are effectively communicated. Ensure alignment with the COIT (Committee on Information Technology), the City’s Office of Cybersecurity (DT), Office of Contract Administration (OCA) and Mayor’s Executive Directives.
• Manage the SFPUC cybersecurity Risk Management program including the risk tracking, reporting and exception aspects. In addition, facilitating the Risk Advisory Services, Risk Assessment and Vendor Risk Assessments processes in alignment with both the SFPUC’s Enterprise Risk Management, City Risk Managers cybersecurity insurance program and the City’s Office of Cybersecurity’s Risk Management program.
• Manage the SFPUC cybersecurity compliance program. Track and report compliance to the SFPUC, COIT, OCA and the City’s Office of Cybersecurity’s Authority Documents (Policy & Standards). Ensure regulatory compliance.
• Facilitate the coordinate formal cybersecurity audit activities as the audit. Track and report on remediation activities.
• Ensure alignment to the COIT Security Awareness & Training Policy. Coordinate the Annual Training including the tracking and reporting. Administer the Security Awareness Technologies. Identify higher risk staff that could benefit from additional training.
• Track and Coordinate Annual Reporting Activities.
• Track and Coordinate Metrics and the CISO Dashboard. Ensure Metrics drive the Cybersecurity Strategic Planning activities along with coordinating the Cybersecurity biennial financial planning activities. 

The 1824 Principal Administrative Analyst will perform other related duties as assigned.

How to qualify

Possession of a baccalaureate degree from an accredited college or university, and five (5) years full-time equivalent experience performing professional-level analytical work. Qualifying professional-level analytical work includes analysis, development, administration, and reporting in major programs and functions of an organization in the areas of budgets, contracts, grants, policy, or other functional areas related to the duties of positions in the 182X Class series.

Substitution:

Possession of a graduate degree (Master's degree or higher) from an accredited college or university with major coursework in specialized subject matter areas such as public or business administration, management, business law, contract law, public policy, urban studies, economics, statistical analysis, finance, accounting, or other fields of study closely related to the essential functions of positions in the Class series may be substituted for one (1) year of required experience.

Additional experience as described above may be substituted for the required degree on a year-for-year basis (up to a maximum of 2 years). Thirty (30) semester units or forty-five (45) quarter units equal one year.

Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.

Verification of Education and Experience:

Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at https://sfdhr.org/how-verify-education-requirements

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline. Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.

Resumes will not be accepted in lieu of a completed City and County of San Francisco application.

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

What else should I know?

• Information About The Hiring Process
• Conviction History
• Employee Benefits Overview  
• Equal Employment Opportunity 
• Disaster Service Worker
• ADA Accommodation
• Right to Work
• Copies of Application Documents
• Diversity Statement

HOW TO APPLY

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit https://careers.smartrecruiters.com/CityAndCountyOfSanFrancisco1/ and begin the application process.

• Select the “I’m Interested” button and follow instructions on the screen

Applicants may be contacted by email about this recruitment and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org, @famsf.org, @ccsf.edu, @smartalerts.info, and @smartrecruiters.com).

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Job Analyst Information: If you have any questions regarding this recruitment or application process, please contact the job analyst, Yvane Mirabueno, by email at YMirabueno@sfwater.org.

CONDITION OF EMPLOYMENT:  All City and County of San Francisco employees are required to be fully vaccinated against COVID-19 as a condition of employment. Someone is fully vaccinated when 14 days have passed since they received the final dose of a two-shot vaccine or a dose of a one-shot vaccine. Any new hire must present proof of full vaccination status to be appointed. Any new hire who will be routinely assigned or occasionally enter High-Risk Settings, must provide proof of having received a COVID-19 booster vaccine by March 1, 2022, or once eligible.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.