Chief Information Security Officer; Manager V - Department of Public Health
Job in San Francisco, San Francisco County, California, 94199, USA
Listed on 2026-01-04
Listing for: San Francisco Department of Public Health
Full Time position
Job specializations: IT/Tech; Cybersecurity, Information Security
Job Description & How to Apply Below
Chief Information Security Officer (Manager V) - Department of Public Health
Location: San Francisco, CA
Salary: $183,144 - $233,766 annually (Range A) as of January 3, 2026
Appointment Type: Permanent Civil Service
Solicitation
The Department of Public Health prioritizes equitable and inclusive access to quality healthcare for its community and values diversity in its workforce. All employees work to advance equity, inclusion, and diversity with a focus on race, ethnicity, gender, sex, sexuality, disability, and immigration status.
The San Francisco Department of Public Health (SFDPH) seeks a dynamic and experienced cybersecurity professional to join its IT leadership team. The Chief Information Security Officer (CISO, Manager V) will develop and execute a comprehensive information security strategy that safeguards the department’s systems, data, and services.
Responsibilities
• Provide strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advise executive leadership on identified risks and ensure timely execution of mitigation and remediation plans with integrity and discretion.
• Direct ongoing development of the department’s information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third‑party risk management.
• Allocate and manage resources to support a robust security strategy. Identify and advocate for strategic investments, oversee capital and operating budgets, and deliver ROI analyses and budget recommendations.
• Partner with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions, and other initiatives. Develop tools and interventions to mitigate risks, establish performance metrics, and monitor compliance through audits and assessments.
• Build alignment and support for security goals and initiatives across internal and external stakeholders. Communicate effectively with leadership at all levels on trends, risks, and the overall effectiveness of the security program.
• Promote awareness and understanding of regulatory requirements across the organization. Lead or collaborate on testing and auditing activities to ensure ongoing compliance and successful certifications.
• Analyze security requirements and ensure compliance with industry standards such as HIPAA, NIST, and PCI‑DSS.
• Establish and maintain comprehensive policies and procedures to support effective and sustainable security operations.
• Serve as the department’s representative in security‑related matters with City agencies and partners.
• Continuously monitor emerging trends, technologies, and best practices in cybersecurity to ensure the department’s security posture remains current and effective.
How To Qualify
• Education: Bachelor’s degree from an accredited college or university; AND
• Experience: Five (5) years of professional healthcare information systems security experience, of which three (3) years must include supervising IT professionals.
Education substitution: Additional experience may be substituted for the required degree on a year‑for‑year basis. One (1) year is equivalent to thirty (30) semester units / forty‑five (45) quarter units.
Desirable Qualifications
• Possession of a Certified Information Systems Security Professional (CISSP) and/or Certified Information Security Manager (CISM) certification.
Selection Procedures
After application submission, candidates deemed qualified must complete all subsequent steps to advance in this selection process, which includes the following:
• Supplemental Questionnaire (SQ) Examination (Weight: 100%) – Candidates that meet the minimum qualifications are invited to participate. The SQ examines knowledge, skills, and abilities in job-related areas such as HIPAA, HITECH, NIST, HITRUST, ISO 27001, PCI‑DSS, and related cyber security frameworks, technology, hospital environments, management and budgeting, communication, judgement, and stakeholder engagement.
• Successful completion places applicants on the…