IT Security Manager
Company Description
The Office of Innovation & Technology (OIT) is the central IT agency for the City of Philadelphia headed by the Chief Information Officer (CIO). OIT oversees all major information and communications technology initiatives for the City of Philadelphia - increasing the effectiveness of the information technology infrastructure, where the services provided are advanced, optimized, and responsive to the needs of the City of Philadelphia’s businesses, residents, and visitors. OIT responsibilities include: identifying the most effective approach for implementing new information technology directions throughout city government; improving the value of the city’s technology assets and the return on the city’s technology investments; ensuring data security continuity; planning for continuing operations in the event of disruption of information technology or communications services; and supporting accountable, efficient and effective government across every city department, board, commission and agency.
The City of Philadelphia is seeking an IT Security Manager to lead and build the Governance, Risk, and Compliance (GRC) function within Revenue IT. This role is responsible for establishing and operating a structured security program focused on risk management, policy development, and governance across systems, teams, and vendors.
This is not a purely technical security role. The ideal candidate will have experience owning and operating GRC processes end-to-end, including risk register management, policy and standards development, and governance structures that drive accountability. The role requires the ability to work across business and technical teams, define clear ownership, and enforce security controls in a complex and evolving environment. This role is primarily managerial and program‑focused, responsible for defining strategy, ensuring alignment across teams, and establishing clear governance structures that drive consistent execution.
This critical role will be responsible for ensuring the confidentiality, integrity, and availability of our information systems, with a strong focus on compliance with IRS Publication 1075 Guidelines and the NIST 853 Cybersecurity Framework.
Job Description
Essential Functions
- Own and operate the Revenue IT GRC program, including risk management processes, governance structures, and compliance tracking
- Establish and maintain a centralized risk register, including identification, prioritization, and escalation of risks to leadership
- Develop, implement, and maintain security policies, standards, and procedures aligned to organizational needs and regulatory requirements
- Define and enforce governance processes, including clear ownership, accountability, and escalation paths across teams and vendors
- Lead security-related risk assessments and partner with system owners to define and track mitigation strategies
- Coordinate and manage internal and external audits, including documentation, response tracking, and remediation follow-up
- Work with vendors and internal teams to ensure accountability for security controls, deliverables, and knowledge transfer
- Communicate security risks, priorities, and program status to leadership in a clear and actionable manner
- Build structure in areas with limited process, ensuring consistency and transparency across security-related activities
- Conduct regular security assessments, vulnerability scans, and penetration testing to identify and mitigate risks
- Develop and maintain security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms).
- Respond to security incidents and implement corrective actions.
- Partner with the City’s Security Team to ensure City policies are applied throughout Revenue.
- Participate in security audits and compliance reviews.
- Communicate security-related information effectively to both technical and non-technical audiences; perform miscellaneous job-related duties as assigned.
- Coach teams on risk ownership and control implementation; develop a culture of accountability and transparency
Qualifications
Qualifications (Education and Experience)
- Minimum of 2 years of experience in information security, with a focus on governance, risk, and compliance
- Demonstrated experience owning or leading GRC processes, including risk management, policy development, and governance
- Experience developing and implementing security policies, standards, and procedures
- Experience conducting risk assessments and managing risk through formal tracking and escalation processes
- Experience working with regulatory frameworks such as NIST, IRS Pub 1075, or similar (framework-agnostic experience acceptable)
- Experience coordinating audits and managing remediation efforts
- Experience working across business and technical teams to drive alignment and accountability
- Prior management or team leadership experience preferred
Competencies, Knowledge, Skills and Abilities
- Strong ability to build and operate structured programs in environments with limited existing process
- Demonstrated experience defining ownership and driving accountability across teams without direct authority
- Ability to translate technical risk into clear business impact and communicate effectively with leadership
- Experience working in complex environments with multiple stakeholders, including vendors and external partners
- Comfort operating in ambiguity and establishing clear direction and priorities
- Strong organizational and operational discipline, with a focus on documentation, tracking, and follow-through
Additional Information
Salary Range: $115,000 - $125,000
Salary cannot exceed $125,000.
All applications should include the following:
• Cover Letter clarifying your interest and qualifications for the role.
• Resume
We won’t accept or review incomplete applications.
Work Setting: in-person (onsite)
Discover the Perks of Being a City of Philadelphia Employee:
• We offer comprehensive health coverage for employees and their eligible dependents
• Our wellness program offers eligibility into the discounted medical plan
• Employees receive paid vacation, sick leave, and holidays
• Generous retirement savings options are available
• Pay off your student loans faster - As a qualifying employer, City of Philadelphia employees are eligible to participate in the Public Service Loan Forgiveness program. Join the ranks of hundreds of employees who have already benefited from this program and achieved student loan forgiveness.
• Enjoy a Free Commute on SEPTA - Starting September 1, 2023, eligible City employees will no longer have to worry about paying for SEPTA public transportation. Whether you're a full-time, part-time, or provisional employee, you can seize the opportunity to sign up for the SEPTA Key Advantage Program and receive free Key cards for free rides on SEPTA buses, trains, trolleys, and regional rails.
• Unlock Tuition Discounts and Scholarships - The City of Philadelphia has forged partnerships with over a dozen esteemed colleges and universities in the area, ensuring that our employees have access to a wide range of tuition discounts and scholarships. Experience savings of 10% to 40% on your educational expenses, extending not only to City employees but in some cases, spouse and dependents too!
Join the City of Philadelphia team today and seize these incredible benefits designed to enhance your financial well-being and personal growth!
*The successful candidate must be a City of Philadelphia resident within six months of hire.
Effective May 22, 2023, vaccinations are no longer required for new employees that work in non-medical, non-emergency or patient facing positions with the City of Philadelphia. As a result, only employees in positions providing services that are patient-facing medical care (ex: Nurses, doctors, emergency medical personnel), must be fully vaccinated.
The City of Philadelphia is an Equal Opportunity employer and does not permit discrimination based on race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, source of income, familial status, genetic information or domestic or sexual violence victim status. If you believe you were discriminated against, call the Philadelphia Commission on Human Relations at 215-686-4670 or send an email to faqpchr@phila.gov.