The Chief Information Security Officer (0933 Manager V) is responsible for developing and delivering a comprehensive information security strategy and framework to optimize the security posture of the organization. The role leads the design and execution of a security program that promotes cross-functional collaboration, supports effective governance, advises senior leadership on security priorities and resource allocation, and establishes policies to manage information security risks. The Chief Information Security Officer reports directly to the Chief Information Officer (CIO) and oversees a team of twelve security professionals.

The Chief Information Security Officer (0933 Manager V) performs the following essential job functions:

• Provides leadership, direction, and prioritization in assessing and evaluating information security risks across the organization, advising and consulting with executives on identified risks and ensuring the execution of mitigation and remediation steps.
• Oversees strategic planning and execution across the information security portfolio, including incident response, policy frameworks, compliance, threat management, and targeted training, with specialized triaging for high-risk areas.
• Manages capital and operating budgets and provides Return on Investment (ROI) analyses and IT budget recommendations.
• Collaborates with the Office of Compliance and Privacy Affairs to evaluate data security risks associated with departmental initiatives and design effective mitigation tools and strategies.
• Analyzes security requirements and ensures enterprise and product compliance with industry standards, including HIPAA, HITRUST, ISO 27001, NIST, PCI-DSS, and other security standards. Drives cross-functional collaboration with internal teams and senior leaders to ensure timely execution of testing and auditing activities, securing certification and maintaining organizational compliance.
• Ensures alignment of security strategies with organizational goals, addressing stakeholder priorities and advising leadership on developments influencing the success of information security initiatives.
• Develops, implements, and maintains policies and procedures to ensure effective security program operations.
• Represents DPH in security-related matters with City partners, internal and external stakeholders, and industry groups.

About San Francisco Department of Public Health

The Mission of the San Francisco Department of Public Health (SFDPH) is to protect and promote the health of all San Franciscans. SFDPH strives to achieve its mission through the work of multiple divisions - the San Francisco Health Network, Population Health, Behavioral Health Services, and Administration. The San Francisco Health Network is the City’s only complete system of care and has locations throughout the City, including Zuckerberg San Francisco General Hospital and Trauma Center, Laguna Honda Hospital and Rehabilitation Center, and over 15 primary care health centers. The Population Health Division (PHD) provides core public health services for the City and County of San Francisco: health protection, health promotion, disease and injury prevention, and disaster preparedness and response. Behavioral Health Services operates in conjunction with SFHN and provides a range of mental health and substance use treatment services.

Connections working at San Francisco Department of Public Health