Governance, Risk, and Compliance (GRC) Analyst (1042) - Department of Technology Application Opening: Wednesday, October 15, 2025. Application Deadline: Wednesday, October 29, 2025, 11:59 PM PST. About Department of Technology Department of Technology (DT) is the centralized technology services provider for the City and County of San Francisco. DT delivers critical infrastructure and services to over 33,000 employees, supporting public safety, municipal broadband, cybersecurity, cloud solutions, and more. With a $140M+ annual budget and a team of 300+ experts, DT is leading the charge in digital transformation. Core Areas of IT Excellence IT Project Management Office Enterprise Application Services Cloud Center of Excellence IT Operations and Support including the Service Desk and NOC City Infrastructure including the Network, Telcom and Data Centers Office of Cybersecurity including Cyber Defense, Identity Management and Disaster Recovery Public Safety Systems and Municipal Broadband Fiber SFGovTV Broadcasting Services IT Finance and Administration Services Emerging Technologies Job Description The City and County of San Francisco (City) is excited to be hiring a Governance, Risk, and Compliance (GRC) security analyst. The analyst will support a critical function of the Office of Cybersecurity that will be directly responsible for reducing risks posed to the City. The analyst will be tasked with the important role of identifying, assessing, controlling, and monitoring risks through the Citywide enterprise. They will gain firsthand experience supporting and maturing a GRC program. Responsibilities Perform cyber risk assessments against City cybersecurity requirements. Conduct Vendor Risk Assessments to assess security posture of vendors. Support the cyber awareness training and education program, including phishing simulations. Track and monitor risk mitigation plans. Develop routine reports in accordance with GRC metrics. Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards. Conduct technical research to aid in threat assessment or risk mitigation activities. Perform assessments of adherence to standards. Perform review of policies and supporting procedures/processes. Stay on top of changes in the industry as it relates to security. Qualifications Minimum Qualifications Associate degree in Computer Science, Computer Engineering, Information Systems, or a closely related field (or equivalent). Minimum 60 semester or 90 quarter credits. One (1) year of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network. Additional work experience may substitute for the required degree on a year‑for‑year basis (up to two years). Desirable Qualifications 1‑2 years working in a cyber GRC type role. Risk Analytics experience within IT. Familiar with cybersecurity frameworks (NIST CSF/RMF, NIST 800‑53, FedRAMP, etc). Familiar with security standards (HIPAA, PCI‑DSS, etc). Familiar with vendor risk management assessments (SOC2, CAIQ, etc). Comfortable having a technical discussion. Proficient in Excel or similar. Ability to define and communicate risk in business‑relevant language. Excellent verbal and written communication skills. Comfortable with quantitative risk management, FAIR. Familiar with GRC platforms (SNOW, LogicGate, OneTrust, etc). Possess security certifications (Security+, CISA, CISM, CRISC, etc). Preferred skills in SharePoint and reporting services. Familiar with privacy concepts. Benefits Competitive pay, benefits, and retirement options. Career growth opportunities through training, internal mobility, and subsidized education. Diverse work environment in a diverse city. Hybrid work schedule. EEO and Diversity Statement The City and County of San Francisco encourages women, minorities, and persons with disabilities to apply. Applicants will be considered regardless of sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, HIV/AIDS status, genetic information, marital status, sexual orientation, gender identity, gender expression, military and veteran status, or other protected category under the law. How to Apply Applications for City and County of San Francisco jobs are only accepted through an online process. Visit and begin the application process. #J-18808-Ljbffr City and County of San Francisco
...greeter or information associate. Qualifications Education High School Diploma or Equivalent required Can this role accept experience in lieu of a degree? No Licenses and Credentials Experience receptionist experience 0-1 year preferred Knowledge, Skills and Abilities...
...Document Specialist - Century BMW in Greenville, SC at Sonic Automotive Job Type: Other Experience: Associate About At Century BMW, a Sonic Automotive family dealership, you'll find the opportunities, resources, and support you need to grow and develop...
A client of Innova Solutions is immediately hiring an Information Security Systems Engineer. Position Type: Full time Contract, Potential Contract to Hire Duration:Months Location: Ashburn Virginia/ Palm Bay, FL / Clifton, NJ (Onsite) As an Information Security Systems...
We are looking for a Director of Sports for an International School based in Shanghai. This is a full-time position starting from August... ...and proud environment. Job responsibilitiesDevelop and manage a comprehensive sports program aligned with the schools missionIntroduce...
Daniel Defense, a leader in the firearms and accessories manufacturing industry, is seeking a skilled Equipment Maintenance 3 technician. This role involves maintaining and enhancing the operational capability of manufacturing equipment crucial to the mission-critical...