Governance, Risk, and Compliance (GRC) Analyst (1042) - Department of Technology Application Opening: Wednesday, October 15, 2025. Application Deadline: Wednesday, October 29, 2025, 11:59 PM PST. About Department of Technology Department of Technology (DT) is the centralized technology services provider for the City and County of San Francisco. DT delivers critical infrastructure and services to over 33,000 employees, supporting public safety, municipal broadband, cybersecurity, cloud solutions, and more. With a $140M+ annual budget and a team of 300+ experts, DT is leading the charge in digital transformation. Core Areas of IT Excellence IT Project Management Office Enterprise Application Services Cloud Center of Excellence IT Operations and Support including the Service Desk and NOC City Infrastructure including the Network, Telcom and Data Centers Office of Cybersecurity including Cyber Defense, Identity Management and Disaster Recovery Public Safety Systems and Municipal Broadband Fiber SFGovTV Broadcasting Services IT Finance and Administration Services Emerging Technologies Job Description The City and County of San Francisco (City) is excited to be hiring a Governance, Risk, and Compliance (GRC) security analyst. The analyst will support a critical function of the Office of Cybersecurity that will be directly responsible for reducing risks posed to the City. The analyst will be tasked with the important role of identifying, assessing, controlling, and monitoring risks through the Citywide enterprise. They will gain firsthand experience supporting and maturing a GRC program. Responsibilities Perform cyber risk assessments against City cybersecurity requirements. Conduct Vendor Risk Assessments to assess security posture of vendors. Support the cyber awareness training and education program, including phishing simulations. Track and monitor risk mitigation plans. Develop routine reports in accordance with GRC metrics. Coordinate with technology and business groups to assess, implement, and monitor IT-related security risks/hazards. Conduct technical research to aid in threat assessment or risk mitigation activities. Perform assessments of adherence to standards. Perform review of policies and supporting procedures/processes. Stay on top of changes in the industry as it relates to security. Qualifications Minimum Qualifications Associate degree in Computer Science, Computer Engineering, Information Systems, or a closely related field (or equivalent). Minimum 60 semester or 90 quarter credits. One (1) year of experience analyzing, installing, configuring, enhancing, and/or maintaining the components of an enterprise network. Additional work experience may substitute for the required degree on a year‑for‑year basis (up to two years). Desirable Qualifications 1‑2 years working in a cyber GRC type role. Risk Analytics experience within IT. Familiar with cybersecurity frameworks (NIST CSF/RMF, NIST 800‑53, FedRAMP, etc). Familiar with security standards (HIPAA, PCI‑DSS, etc). Familiar with vendor risk management assessments (SOC2, CAIQ, etc). Comfortable having a technical discussion. Proficient in Excel or similar. Ability to define and communicate risk in business‑relevant language. Excellent verbal and written communication skills. Comfortable with quantitative risk management, FAIR. Familiar with GRC platforms (SNOW, LogicGate, OneTrust, etc). Possess security certifications (Security+, CISA, CISM, CRISC, etc). Preferred skills in SharePoint and reporting services. Familiar with privacy concepts. Benefits Competitive pay, benefits, and retirement options. Career growth opportunities through training, internal mobility, and subsidized education. Diverse work environment in a diverse city. Hybrid work schedule. EEO and Diversity Statement The City and County of San Francisco encourages women, minorities, and persons with disabilities to apply. Applicants will be considered regardless of sex, race, age, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, HIV/AIDS status, genetic information, marital status, sexual orientation, gender identity, gender expression, military and veteran status, or other protected category under the law. How to Apply Applications for City and County of San Francisco jobs are only accepted through an online process. Visit and begin the application process. #J-18808-Ljbffr City and County of San Francisco
...Job Description Job Description Benefits: Company parties Flexible schedule Free food & snacks Free uniforms Entry-Level Solar Sales Representative Ready to kickstart your career in sales? Were looking for motivated, energetic individuals to join...
Envirodyne Systems Inc. (ESI) is a growing Camp Hill water and wastewater equipment manufacturer who has been in business for over 50 years (Since 1971). We custom design a full range of treatment equipment for municipal and industrial applications. Our experienced ...
...Job Description Job Description Low Voltage Technician Chesapeake, VA - open to 1 year or less of experience Overview Were looking for a Low Voltage Technician with at least 2 years of commercial experience installing and terminating Cat 5, Cat 5e, and Cat...
...significant amounts of information and analyzes processes to support business unit needs. May troubleshoot errors, conduct impact analyses,... ...Required ~3 - 5 years of experience in a Business Analyst or Business Process Analyst role or experience in a related operational...
...Job Title: Low Voltage Technician Location: Tulsa, OK Low Voltage Technician Job Description Position Overview We are seeking a skilled and motivated Low Voltage Technician. The ideal candidate will have experience installing, maintaining, and troubleshooting low voltage...