Information about the position is available below.
San Francisco Department of Public Health
Chief Information Security Officer
$180,440 to $230,308 per year
Application deadline: Jan. 9, 2026
The CISO is responsible for securing IT operations across the divisions, including the San Francisco Health Network, Population Health Division, Behavioral Health Services and Central Administration.
Those divisions cover a broad range of critical operations. The Health Network has locations across the city, including in major hospitals and other care centers. The Population Health Division provides core city and county public health services such as disease surveillance and prevention, the Behavioral Health Services Division provides substance and mental health-care services and the Central Administration is responsible for IT, HR and other operational functions.
“This role leads the implementation of an enterprise-wide security program that promotes collaboration, strengthens governance and aligns cybersecurity initiatives with organizational goals,” the job posting states. “The CISO serves as a trusted advisor to senior leadership, providing expert guidance on risk management, security investments and policy development. The CISO oversees a team of cybersecurity professionals within the SFDPH IT division and collaborates extensively with the CISO for the city and county of San Francisco.”
Essential functions for this role include:
- Provides strategic leadership in evaluating and mitigating information security threats across the organization using a structured, risk-based methodology. Advises executive leadership on identified risks and ensures timely execution of mitigation and remediation plans with integrity and discretion.
- Directs the ongoing development of the department’s information security program, including project portfolio management, incident response, policy frameworks, compliance activities, threat and vulnerability management, and third-party risk management.
- Allocates and manages resources to support a robust security strategy. Identifies and advocates for strategic investments, oversees capital and operating budgets, and delivers ROI analyses and budget recommendations.
- Partners with the Office of Compliance and Privacy Affairs to assess data security risks related to contracts, projects, artificial intelligence solutions and other initiatives. Develops tools and interventions to mitigate risks, establishes performance metrics and monitors compliance through audits and assessments.
- Builds alignment and support for security goals and initiatives across internal and external stakeholders. Communicates effectively with leadership at all levels on trends, risks and the overall effectiveness of the security program.
More information about the position and application process is available here.
