Director, Cybersecurity and IT Compliance - SFO - ITT (9978) - (147108)

Career Opportunity

Director, Cybersecurity and IT Compliance - SFO - ITT (9978) - (147108)

Recruitment: RTF0147107-01155088

Published: August 06, 2024

Contact:

Yevette Sugabo Solmoro - yevetteivy.sugabosol@flysfo.com

Apply using SmartRecruiters, the City and County of San Francisco's application portal.

Department: San Francisco International Airport
Job class: 9978-Technology Expert II
Role type: Permanent Exempt What does this mean?
Hours: Full-time

About:

Appointment Type: Permanent Exempt. This position is excluded by the Charter from the competitive civil service examination process and shall serve at the discretion of the Appointing Officer.

Application Opening: Tuesday, August 6, 2024
Application Deadline: Apply Immediately. Application filing will be open at least through 5:00 PM on Monday August 12, 2024 and will close any time thereafter.
Compensation Range: $174,252 - $222,430 annually
Recruitment ID: RTF0147107-01155088
Location: San Francisco International Airport
Working Hours: Full-time, 40 hours per week, Monday – Friday, 8 am - 5 pm, Hybrid work schedule

San Francisco International Airport (SFO), an enterprise department of the City and County of San Francisco (CCSF), has approximately 1,700 CCSF employees and strives to be a diverse, equitable, and inclusive employer.

SFO’s mission is delivering an airport experience where people and our planet come first and our core values are Safety and Security, Teamwork, Excellence, Care, and Equity. Learn more about careers at SFO.

For more information about SFO, visit www.flysfo.com. Follow us on Twitter and Facebook.

Role description

Under general administrative direction, reporting to Chief Digital Transformation Officer (CDTO), the Director of Cybersecurity and Compliance oversees the Cybersecurity and Compliance work unit and is responsible for strengthen and aid in the development of an enterprise information security program to protect the integrity, availability, and confidentiality of information communications technology (ICT), industrial control systems (ICS) and electronic data resources in accordance with accepted industry practices and stakeholders’ tolerance for risk. To safeguard these information assets properly this position will be responsible for ensuring Information Technology and Telecommunications (ITT) identifies and implements Airport security policies, standards, guidelines, processes, procedures, and operational practices while assuring its goals and objectives are properly aligned with their respective mission, goals, and objectives.

As a team member of SFO, you will embrace SFO’s core values and SFO’s Racial Equity Action Plan.

The essential functions of this position include:

Identifies cyber-security threats and coordinates the remediation of exploitable vulnerabilities; makes decisions using a high degree of independent judgment and discretion; facilitates and negotiates numerous politically sensitive issues involved in the management of the Airport’s information assets across complex threat scenarios.
Manages and coordinates unit resources when they are performing duties and responsibilities related to the planning, design and implementation of processes, procedures, practices, safeguards, and controls related to information cyber-security so that managers’ and stakeholders’ interests are properly represented. Works closely with other managers to ensure that information assets are maintained in a manner consistent with Airport CDTO’s appetite for risk.
Assesses the effectiveness of existing technical controls intended to minimize the consequences of a cyber-security breach within the Airport infrastructure (i.e Maintain Payment card Industry (PCI) standards and other related criteria in an airport environment, etc.).
Coordinates and liaises with local and federal law enforcement representatives with respect to cyber-based criminal, counterespionage and counter-terrorism concerns that have the potential to adversely impact Airport security and operations as directed by Airport CDTO. Assesses ITT’s ability to respond to cyber-related issues in accordance with digital forensic and incident response guidelines established by US-CERT and the U.S. Department of Justice.
Develops, implements, and oversees the ITT goals, objectives, policies, and procedures related to the integrity, availability, and confidentiality of information communications technology and electronic data in support of the Airport’s mission and in accordance with accepted industry practices and stakeholders’ tolerance for risk.
Identifies technology and techniques to promote secure communications and the appropriate protection of information within the Airport.
Provides ITT strategic direction and oversight within the field of information security and forensics as directed by the Airport CDTO.
Works closely with vendors and contractors to strengthen the development of an enterprise information security program in accordance with accepted industry practices and stakeholders’ tolerance for risk.
Communicates with Airport Senior Management and other government agencies on cyber-security issues that may adversely impact operations and stakeholders’ interests as directed by the Airport CDTO.
Investigates potential misuse of information assets and resources as directed by the Airport CDTO.
Perform other functions outlined in the 9978 Technology Expert II
May include additional duties as assigned.

How to qualify

Education:
Possession of a bachelor’s degree in computer science, computer engineering or a closely related field from an accredited college or university.

Experience
Five (5) years of verifiable professional-level Information Technology Cybersecurity experience, of which must include three (3) years of supervising professionals in the field.

SUBSTITUTION:
Education Substitution: Additional qualifying experience as described above may substitute for the required degree on a year -for-year basis. One year (2000 hours) of additional qualifying experience is equal to 30 semester or 45 quarter units.

Note: One-year full-time employment is equivalent to 2000 hours (2000 hours of qualifying work experience is based on a 40 hours work week.) Any overtime hours that you work above forty (40) hours per week are not included in the calculation to determine full-time employment.

Note: Applicants must meet the minimum qualification requirement by the final filing date unless otherwise noted.

Desirable Qualifications:
The stated desirable qualifications may be considered at the end of the selection process when candidates are referred for hiring.

Five (5) years of experience in Information Communications Technology and Software Engineering.
Three (3) years of experience in the design and implementation of complex ICT systems related to information security.
Certification, International System Security Certification Consortium (ISC2)
Certified Information Systems Security Professional (CISSP);
Certification, Information Systems Audit and Control Association (ISACA),
Certified in Risk and Information Systems Control (CRISC)

Verification:

Applicants may be required to submit verification of qualifying education and experience at any point during the recruitment and selection process. If education verification is required, information on how to verify education requirements, including verifying foreign education credits or degree equivalency, can be found at https://sfdhr.org/how-verify-education-requirements.

All work experience, education, training and other information substantiating how you meet the minimum qualifications must be included on your application by the filing deadline.

Information submitted after the filing deadline will not be considered in determining whether you meet the minimum qualifications.

Resumes will not be accepted in lieu of a completed City and County of San Francisco application.

Applications completed improperly may be cause for ineligibility, disqualification or may lead to lower scores.

Note: Falsifying one’s education, training, or work experience or attempted deception on the application may result in disqualification for this and future job opportunities with the City and County of San Francisco.

Transportation (TSA) Security Clearance: Candidates for employment with the San Francisco Airport Commission are required to undergo a criminal history record check, including FBI fingerprints, and Security Threat Assessment to determine eligibility for security clearance and may be required to undergo drug/alcohol screening. Per Civil Service Commission Rule Section 110.9.1, every applicant for an examination must possess and maintain the qualifications required by law and by the examination announcement for the examination. Failure to obtain and maintain security clearance may be the basis for termination of employment with the Airport Commission.

What else should I know?

Additional Information Regarding Employment with the City and County of San Francisco:

HOW TO APPLY

Applications for City and County of San Francisco jobs are only accepted through an online process. Visit https://careers.smartrecruiters.com/CityAndCountyOfSanFrancisco1/ and begin the application process.

Select the “I’m Interested” button and follow instructions on the screen.

Applicants may be contacted by email about this recruitment and, therefore, it is their responsibility to ensure that their registered email address is accurate and kept up-to-date. Also, applicants must ensure that email from CCSF is not blocked on their computer by a spam filter. To prevent blocking, applicants should set up their email to accept CCSF mail from the following addresses (@sfgov.org, @sfdpw.org, @sfport.com, @flysfo.com, @sfwater.org, @sfdph.org, @asianart.org, @sfmta.com, @sfpl.org, @dcyf.org, @first5sf.org, @famsf.org, @ccsf.edu, @smartalerts.info, and @smartrecruiters.com).

Applicants will receive a confirmation email that their online application has been received in response to every announcement for which they file. Applicants should retain this confirmation email for their records. Failure to receive this email means that the online application was not submitted or received.

Recruitment Analyst Information: If you have any questions regarding this recruitment or application process, please contact the analyst Yevette Ivy Solmoro at yevetteivy.sugabosol@flysfo.com.

The City and County of San Francisco encourages women, minorities and persons with disabilities to apply. Applicants will be considered regardless of their sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition (associated with cancer, a history of cancer, or genetic characteristics), HIV/AIDS status, genetic information, marital status, sexual orientation, gender, gender identity, gender expression, military and veteran status, or other protected category under the law.