Technology Risk and Resilience Specialist

Summary

Join the Department of Technology (DT) in San Francisco as a Technology Risk and Resilience Specialist! This permanent, full-time position involves developing, implementing, and maintaining risk management and resilience strategies for the city's technology infrastructure. You will collaborate with various stakeholders, conduct risk assessments, design resilience solutions, and lead disaster recovery exercises. The role requires a strong understanding of IT systems, risk management frameworks, and cybersecurity. The City offers competitive pay, robust retirement options, generous paid time off, and a hybrid work schedule. This is a fantastic opportunity to contribute to a vital city service and advance your career.

Requirements

• An associate degree in business administration, public administration, information systems, economics, finance, computer science or a closely related field from an accredited college or university OR its equivalent in terms of total course credits/units [i.e., at least sixty (60) semester or ninety (90) quarter credits/units with a minimum of twenty (20) semester or thirty (30) quarter credits/units in one of the fields above or a closely-related field]
• Five (5) years of experience in the information systems field, including system analysis, business process design, development and implementation of business application solutions or IT project management

Responsibilities

• Partner with various City departments to architect, design, and rigorously test resilience solutions for all critical City systems, ensuring alignment with the citywide technology resilience program
• Conduct in-depth Technology Risk Assessments and Business Impact Analyses (BIA) to pinpoint vulnerabilities in IT infrastructure, assessing their potential impact on City operations and critical services
• Work closely with technical engineering teams to comprehend evolving system architectures, embedding resilience considerations into the design, development, and testing phases of IT projects
• Design, plan, and lead comprehensive resilience testing and disaster recovery exercises, collaborating with recovery teams to validate the robustness of critical systems and applications
• Execute thorough cybersecurity risk assessments to ensure compliance with City cybersecurity mandates, identifying and mitigating potential threats to the IT environment
• Perform detailed Vendor Risk Assessments, analyzing the security posture of third-party vendors and implementing risk mitigation strategies where necessary
• Develop, analyze, and disseminate routine reports aligned with Governance, Risk, and Compliance (GRC) metrics, providing actionable insights into the organization's risk management activities
• Coordinate with technology and business units to assess, implement, and continuously monitor IT-related security risks, ensuring a proactive approach to threat mitigation
• Conduct technical research to support threat assessments, staying ahead of emerging risks and adapting risk mitigation strategies accordingly
• Regularly review and update IT policies, procedures, and processes to ensure alignment with industry standards, regulatory requirements, and best practices
• Maintain an up-to-date understanding of industry changes related to security, integrating cutting-edge developments into the organization's risk and resilience strategies

Preferred Qualifications

• 2-3 years of experience in IT System Infrastructure, Disaster Recovery, Business Continuity, and Risk Management
• In-depth knowledge of Disaster Recovery (DR) and Business Continuity (BC) planning techniques, technologies, and best practices
• Proven experience in executing technology recovery testing for enterprise applications and systems across data centers and cloud platforms
• Demonstrated proficiency in BC/DR program execution, managing process change projects, and overseeing the full DR program lifecycle
• Strong understanding of quantitative risk management, including Factor Analysis of Information Risk (FAIR), and experience in applying these frameworks to resilience initiatives
• Ability to effectively collaborate with technical, non-technical, and management stakeholders
• Familiarity with Governance, Risk, and Compliance (GRC) platforms (e.g., ServiceNow [SNOW], LogicGate, OneTrust)
• Relevant security certifications (e.g., Security+, CISA, CISM, CRISC) preferred
• Preferred skills in SharePoint and reporting services
• Awareness of privacy concepts and regulations related to risk and resilience

Benefits

• Competitive pay, as well as pension and robust retirement options
• Generous paid time off, family leave, and more!
• Hybrid Work with a minimum of 20% of time spent in our office in San Francisco, California for all IT related roles
• Career development and growth — move between departments, learn on the job, or take subsidized/reimbursed classes!