Head of Cyber Risk and Compliance (Enterprise Technology Manager)

Salary : $170,679.60 - $208,855.92 Annually

Location : San Jose Metropolitan Area

Job Type : Full-Time

Job Number : 202501266

DEPART : Information Technology

Opening Date : 09 / 26 / 2025

Our diverse and inclusive workforce of more than 7,000 employees play a key role in the success of San José, the heart of the Silicon Valley. All City of San José employees work together as one team to make San José a vibrant, innovative, and desirable place to live and work. Visit to learn more about our One Team Leadership Values and Expectations, including quality and excellent customer service and here to learn more about San José.

The City of San José is an equal opportunity employer. Applicants for all job openings will be considered without regard to age, race, color, religion, sex, national origin, sexual orientation, disability, veteran status or any other consideration made unlawful under any federal, state or local laws. The City of San José is committed to offering reasonable accommodations to job applicants with disabilities. If you need assistance or an accommodation due to a disability, please contact us at 408-535-1285, 711 (TTY), or via email at CityCareers@sanjoseca.gov.

About the Department

The City of San José innovates to provide exceptional civic services using advanced technologies to help our community thrive.

As one of the largest cities in the nation, the City manages a large set of services and assets and operates on a budget of $5.6 billion, with approximately 7,000 employees, serving about 1 million residents and 60,000 businesses employing 415,000 workers in the heart of Silicon Valley.

The Information Technology Department's (ITD) mission is to enrich the quality of life in San José through innovation, collaboration, and engagement. ITD enables that mission through business and infrastructure systems, cybersecurity, data management and analysis, responsible use of Artificial Intelligence (AI), productivity and collaboration tools, the San José 311 resident experience platform, data equity and privacy programs, and strategic planning. San José is powered by truly great people, a robust technology environment, and a strong sense of purpose.

The IT department is a leader in innovation, embracing cutting-edge technologies and pioneering solutions to enhance efficiency and quality of life in San José. As part of this effort, the City leads a national initiative for AI through the GovAI Coalition, which was established to give local governments a voice in shaping the future of AI, ensuring it is developed responsibly and for the public good.

Promoting the City's commitment to equity and inclusion, we believe that all members of the community, regardless of background, have access to the tools and resources needed to thrive in the digital age. San José is in the heart of Silicon Valley, which boasts a rich history in technology, education, and agriculture. Over half of San José residents speak a language other than English at home, highlighting the importance of language accessibility in all City services. By fostering inclusivity, promoting digital literacy, and building accessible platforms, we are advancing technology while creating a more equitable future for everyone.

At the City of San José, we promote work-life alignment and a focus on growth to bring out the best in our people. Come join us in making San José the most vibrant, equitable, sustainable, and innovative city in the nation! Visit the to learn about our culture, vision, leadership, and innovative initiatives.

Position Duties

NOTE - The first review of applications will be on Thursday, October 23, 2025. Please submit your application by 12 : 00 p.m. (PST) on Thursday, October 23, 2025, if you would like your application to be included in the first review. Candidates who pass the first application review round will be invited to interviews the week of November 17, 2025.

Position and Duties

The City of San José's Information Technology Department (ITD) is seeking an experienced and forward-thinking leader to serve as the Head of Cyber Risk and Compliance (Enterprise Technology Manager) with a focus on Governance, Risk, and Compliance (GRC), Identity and Access Management (IAM), and Risk Management. Reporting to the City Information Security Officer (CISO), this role provides senior-level leadership for cybersecurity governance, regulatory compliance, access control, and enterprise risk initiatives that safeguard City services, data, and critical infrastructure.

The Head of Cyber Risk and Compliance will play a critical leadership role in strengthening the City's security governance structure, managing enterprise risks, and ensuring effective identity and access controls across the organization. This position requires a leader who can balance regulatory compliance, security best practices, and operational needs, while fostering a culture of accountability and resilience.

Key responsibilities include, but are not limited to :

• Representing the cybersecurity program in executive meetings, steering committees, and inter-agency collaborations.
• Collaborate with external partners, including the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice's Federal Bureau of Investigation (FBI), and State agencies, on compliance, risk, and threat intelligence initiatives.
• Promote Citywide cybersecurity awareness programs, with emphasis on governance, risk, and compliance accountability.
• Lead the planning, execution, and delivery of complex cross-functional projects, ensuring alignment with organizational priorities and stakeholder expectations.
• Lead enterprise risk assessments, threat modeling, and business impact analyses by establishing standardized frameworks to evaluate organizational risk posture and align findings with enterprise objectives.
• Oversee cross-departmental collaboration to identify vulnerabilities, analyze threats, assess potential impacts, and translate results into actionable mitigation strategies that inform executive decision-making.
• Oversee regulatory compliance initiatives, ensuring continuous audit readiness and timely fulfillment of reporting requirements to meet federal, state, and industry standards.
• Provide governance and oversight to maintain adherence to applicable framework, regulatory and certification requirements.
• Coordinate with internal and external auditors and deliver clear risk mitigation and compliance reporting to executive leadership and regulatory bodies.
• Integrate risk management processes into City projects, procurement, and vendor engagements.
• Collaborate with IT operations and emergency management teams on disaster recovery and business continuity planning.
• Lead the City's cybersecurity GRC program, ensuring alignment with frameworks such as NIST CSF, ISO 27001, CJIS, PCI DSS, and other applicable standards.
• Develop, implement, and enforce Citywide cybersecurity policies, standards, and procedures.
• Provide metrics and dashboards on risk posture, policy adoption, and compliance to executive leadership.
• Direct the City's IAM strategy, including identity lifecycle management, single sign-on (SSO), multi-factor authentication (MFA), and privileged access management (PAM).
• Ensure secure onboarding, offboarding, and role-based access controls (RBAC) across City departments.
• Implement and govern Zero Trust principles to reduce insider and external access risks.
• Partner with IT and business units to advance identity governance and automation.
• Develop and maintain the enterprise Disaster Recovery Plan as well as information systems contingency plans for each system. Perform table-top exercises in accordance with City policy (e.g., every other year).

Please note that the Head of Cyber Risk and Compliance (Enterprise Technology Manager) position is eligible for a hybrid telework schedule, which is subject to change. The City is currently on a 32-hour onsite workweek.

Salary Information : The final candidate's qualifications and experience shall determine the actual salary. In addition to the starting salary, employees in the Enterprise Technology Manager (ETM) classification shall also receive an approximate five percent (5%) ongoing non-pensionable compensation pay.

The is represented by the bargaining unit.

Minimum Qualifications

Education and Experience : Bachelor's degree from an accredited college or university with coursework in computer science, information systems, business administration, or closely related field AND seven (7) years of experience managing, maintaining and implementing significant technology programs, computer system infrastructure and design, network operations, security design, application development and configurations and system / servicer administration, including a combination of five (5) years of supervisory and project personnel management experience, of which at least two (2) years should be supervisory experience over a technical team.

Required Licensing (such as driver's license, certifications, etc.) : Possession of a valid State of California driver's license.

Passing the San Jose Police Department (SJPD) background check is also a condition of employment.

Other Qualifications

Competencies

The ideal candidates will possess the following competencies, as demonstrated in past and current employment history. The ideal candidate will possess a combination of technical, governance, and leadership expertise to oversee the City's Governance, Risk, and Compliance (GRC) and Identity & Access Management (IAM) operations :

Job Expertise - Demonstrates knowledge of and experience with applicable professional / technical principles and practices, Citywide and departmental procedures / policies, and federal and state rules and regulations.

Certified Information Systems Security Professional (CISSP);

Building Trust - Communicates an understanding of the other person's interests, needs and concerns; identifies and communicates shared interests and goals; identifies and communicates differences as appropriate; demonstrates honesty, keeps commitments, and behaves in an appropriate manner.

Project Management - Ensures support for projects and implements agency goals and strategic objectives.

Leadership - Leads by example; demonstrates high ethical standards; remains visible and approachable and interacts with others on a regular basis; promotes a cooperative work environment, allowing others to learn from mistakes; provides motivational supports and direction.

Conflict Management - Uses appropriate interpersonal styles and methods to reduce tension or conflict between two or more people, by presenting the facts, analysis, and conclusions or solutions that show command of content and perspectives and interests of the audience.

Problem Solving - Approaches a situation or problem by defining the problem or issue; determines the significance of problem; collects information; uses logic and intuition to arrive at decisions or solutions to problems that achieve the desired outcome.

Communication Skills - Effectively conveys information and expresses thoughts and facts clearly, orally and in writing; demonstrates effective use of listening skills; displays openness to other people's ideas and thoughts.

Multi-Tasking - Can handle multiple projects and responsibilities simultaneously; has handled a wide variety of assignments in past and / or current position(s).

Political Skill - In taking action, demonstrates an understanding and consideration of how it will impact stakeholders and affected areas in the organization.

Supervision - Sets effective long and short-term goals based on a good understanding of management practices; establishes realistic priorities within available resources; provides motivational support; empowers others; assigns decision-making and work functions to others in an appropriate manner to maximize organizational and individual effectiveness.

Technology Use / Management - Uses efficient and cost-effective approaches to integrate technology into the workplace and improve program effectiveness.

Selection Process

The selection process will consist of an evaluation of the applicant's training and experience based on the application and responses to all the job-specific questions. You must answer all questions to be considered, or your application may be deemed incomplete and withheld from further consideration. Only those candidates whose backgrounds best match the position will be invited to proceed in the selection process. Additional phases of the selection process will consist of one or more interviews, one of which may include a practical and / or writing exercise.

If you have questions about the duties of these positions, the selection, or the hiring processes, please contact Tram Nguyen at

Additional Information :

Employment Eligibility : Federal law requires all employees to provide verification of their eligibility to work in this country. Please be informed that the City of San Jose will NOT sponsor, represent or sign any documents related to visa applications / transfers for H1-B or any other type of visa which requires an employer application.

You must answer all job-specific questions to be considered for this vacancy or your application will be deemed incomplete and withheld from further consideration. Applicants are expected to write their own essays / responses.

Please note that applications are currently not accepted through CalOpps or any other third party job board application system.

This recruitment may be used to fill multiple positions in this, or other divisions or departments. If you are interested in employment in this classification, you should apply to ensure you are considered for additional opportunities that may utilize the applicants from this recruitment.

Please allow adequate time to complete the application and submit before the deadline or the system may not save your application. If your online application was successfully submitted, you will receive an automatic confirmation email to the email address you provided. IF YOU DO NOT RECEIVE THE CONFIRMATION, please email and we will research the status of your application.

AI and the Hiring Process

We recognize that Artificial Intelligence (AI) is becoming part of daily life and can be a valuable tool for learning, research, and professional growth. We encourage candidates to use AI responsibly as a support in preparing application materials, live assessments, and interviews. However, we value authenticity, accuracy and truthfulness. Application responses and interview answers must reflect your own knowledge, skills, and experiences. While AI can supplement preparation, it cannot replace the originality and judgment we look for in our employees. This ensures fairness, transparency, and equity for all applicants in the hiring process.

The City of San Jose offers a wide range of core health benefits including Medical, Dental, Vision, Employee Assistance Program, Life Insurance, Disability, and Savings Plans. Please visit the City's for detailed information on coverage, cost, and dependent coverage.

For information on the City's Retirement Plan(pension for full-time employees), please visit the Office of Retirement Services You will be able to view information based on different Sworn / Federated job classification.

In additional to the benefits above, there is an to explore further benefits of working for the City of San Jose like paid leave, educational reimbursements, and holiday pay are specific to the job classification and union membership.

01

What is the highest level of education you have completed?

02

Please specify your degree, field of study, and the college or university where you obtained your degree. You may also include any additional degrees or applicable certifications that you have achieved.

03

This position requires a State of California Driver's License. Please select the applicable option that best describes your driver's license, or your ability to possess a valid driver's license.

04

How many years of experience do you have in managing, maintaining and implementing significant technology programs, computer system infrastructure and design, network operations, security design, application development and configurations and system / servicer administration?Please Note : One year of Full-Time experience = 2080 Hours.

05

Out of the experience in the above question, how many years include supervisory and project personnel management experience?Please Note : The City of San José defines supervisory experience as : Responsibility for directing the work of others and providing coordination between employees and other units. A supervisor assumes responsibilities such as budget preparation and personnel transactions, and is responsible for employee appraisals

06

Out of the experience in the above question, how many years have included supervisory experience over a technical team?

07

Do you possess any one of the current (non-expired) certifications listed below? Please attach a scanned copy of the certification(s) you possess in the "File Attachments" part of the application process.

08

Drawing from your experience in senior cybersecurity leadership roles (e.g., Senior Manager, Director, Deputy CISO, CISO, etc.), describe how your background aligns with this position by addressing : the scope of your leadership responsibilities including team size and programs managed; your experience with the key cybersecurity domains relevant to this role; strategic initiatives you've led or contributed to; how you've managed stakeholder relationships across the organization; your approach to building and developing cybersecurity teams; and specific achievements or challenges that demonstrate your readiness for this position's unique requirements.

09

Describe a major cybersecurity project where you led the implementation of a solution that required users to change their behavior (e.g., Multi-factor Authentication, Data Loss Prevention, and / or endpoint security). In your response, please cover : the business problem and project objectives, your technical solution and change management approach, the key project phases and teams involved, your specific leadership role and major decisions, significant challenges encountered and how you resolved them, measurable outcomes achieved, and 2-3 key lessons learned that you've applied to future projects.

10

How did you implement and operationalize a proactive Governance, Risk, and Compliance program? Include the following : 1) Describe the top two (2) cybersecurity initiatives that you have recently completed in support of the program. 2) Provide details, including business objectives for each initiative, the scope, size of the project team, length of the project, complexity, and verifiable outcomes. 3) Include the roles of two (2) stakeholders who supported the initiatives or benefited from the delivered work. Additionally, explain how these initiatives contributed to the overall maturity and effectiveness of your GRC program, including any process improvements, risk reduction achievements, or compliance enhancements that resulted from your leadership.

Required Question