The City and County of San Francisco (City) is hiring a Cybersecurity Risk Analyst. The analyst will support a critical function of the City's Cybersecurity Division that will be directly responsible for reducing risks posed to the City. The analyst will be tasked with the important role of identifying, assessing, controlling, and monitoring risks through the Citywide enterprise.
They will gain firsthand experience supporting and maturing a Technology Risk & Resilience program.
Examples of Important and Essential Duties
- Analyze data processing needs, which include a performance of policies and supporting procedures/processes.
- Evaluate vendor products by conducting vendor risk assessments to assess the security posture of vendors.
- Conduct user training and support the cyber awareness training and education program, including phishing simulations.
- Facilitate communication between clients and vendors regarding system maintenance issues; coordinate with technology and business groups to assess, implement, and monitor IT-related security risks and hazards.
- Perform non-routine adds, moves, and changes as needed; perform cyber risk assessments against city cybersecurity requirements; and perform assessments of adherence to standards.
- Create, documents and compile manuals related to procedures.
- Participate and represent the department in computer users meetings or meetings of related committees to track and monitor risk mitigation plans.
- Research and evaluate technology through industry meetings, seminars, and vendor contacts in conducting technical research to aid in threat assessment or risk mitigation activities.
- Identify opportunities for improvements through automation and stay on top of changes in the industry as it relates to security.
- Create and generate reports and statistics to meet user and program requirements in accordance with GRC metrics.
- Inter-face with other departments, jurisdictions and users on regulations and reporting requests.
- Performs related duties as assigned.
