Head of Cyber Risk and Compliance (Enterprise Technology Manager)

Head of Cyber Risk and Compliance (Enterprise Technology Manager) Job Description (Refined)

The City of San Joss Information Technology Department (ITD) is seeking an experienced and forward-thinking leader to serve as the Head of Cyber Risk and Compliance (Enterprise Technology Manager) with a focus on Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), and Risk Management. Reporting to the City Information Security Officer (CISO), this role provides senior-level leadership for cybersecurity governance, regulatory compliance, access control, and enterprise risk initiatives that safeguard City services, data, and critical infrastructure.

The Head of Cyber Risk and Compliance will play a critical leadership role in strengthening the Citys security governance structure, managing enterprise risks, and ensuring effective identity and access controls across the organization. This position requires a leader who can balance regulatory compliance, security best practices, and operational needs, while fostering a culture of accountability and resilience.

Key responsibilities

• Representing the cybersecurity program in executive meetings, steering committees, and inter-agency collaborations.
• Collaborate with external partners, including DHS CISA, FBI, and state agencies, on compliance, risk, and threat intelligence initiatives.
• Promote Citywide cybersecurity awareness programs, with emphasis on governance, risk, and compliance accountability.
• Lead the planning, execution, and delivery of complex cross-functional projects, ensuring alignment with organizational priorities and stakeholder expectations.
• Lead enterprise risk assessments, threat modeling, and business impact analyses by establishing standardized frameworks to evaluate organizational risk posture and align findings with enterprise objectives.
• Oversee cross-departmental collaboration to identify vulnerabilities, analyze threats, assess potential impacts, and translate results into actionable mitigation strategies that inform executive decision-making.
• Oversee regulatory compliance initiatives, ensuring continuous audit readiness and timely fulfillment of reporting requirements to meet federal, state, and industry standards.
• Provide governance and oversight to maintain adherence to applicable framework, regulatory and certification requirements.
• Coordinate with internal and external auditors and deliver clear risk mitigation and compliance reporting to executive leadership and regulatory bodies.
• Integrate risk management processes into City projects, procurement, and vendor engagements.
• Collaborate with IT operations and emergency management teams on disaster recovery and business continuity planning.
• Lead the Citys cybersecurity GRC program, ensuring alignment with frameworks such as NIST CSF, ISO 27001, CJIS, PCI DSS, and other applicable standards.
• Develop, implement, and enforce Citywide cybersecurity policies, standards, and procedures.
• Provide metrics and dashboards on risk posture, policy adoption, and compliance to executive leadership.
• Direct the Citys IAM strategy, including identity lifecycle management, SSO, MFA, and PAM.
• Ensure secure onboarding, offboarding, and RBAC across City departments.
• Implement and govern Zero Trust principles to reduce insider and external access risks.
• Partner with IT and business units to advance identity governance and automation.
• Develop and maintain the enterprise Disaster Recovery Plan as well as information systems contingency plans for each system, with tabletop exercises as required.

Salary and schedule

Hybrid telework schedule is possible, subject to change. The City is currently on a 32-hour onsite workweek.

Salary Information : The final candidates qualifications and experience shall determine the actual salary. In addition to the starting salary, employees in the Enterprise Technology Manager (ETM) classification shall also receive an approximate five percent (5%) ongoing non-pensionable compensation pay.

Minimum qualifications

Education and Experience : Bachelors degree from an accredited college or university with coursework in computer science, information systems, business administration, or closely related field AND seven (7) years of experience managing, maintaining and implementing significant technology programs, computer system infrastructure and design, network operations, security design, application development and configurations and system / servicer administration, including a combination of five (5) years of supervisory and project personnel management experience, of which at least two (2) years should be supervisory experience over a technical team.

Required Licensing : Possession of a valid State of California drivers license. Passing the San Jose Police Department (SJPD) background check is also a condition of employment.

Other qualifications and competencies

Selection process and contact

The selection process includes evaluation of the applicants training and experience, responses to job-specific questions, and may include interviews and a practical / writing exercise. For questions about duties or the hiring process, contact Tram Nguyen at Tramt.Nguyen@.

Employment eligibility : Federal law requires verification of eligibility to work in the United States. The City will not sponsor visa applications. Please answer all job-specific questions to be considered.

The City of San Jos is an equal opportunity employer. Applicants are considered without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, veteran status or any other unlawful consideration. Reasonable accommodations are available for applicants with disabilities.

For more information on the Citys values and ITD culture, visit the ITD website.

Note : Some boilerplate and extraneous postings have been removed to focus on the Head of Cyber Risk and Compliance (Enterprise Technology Manager) role and related requirements.

#J-18808-Ljbffr