Profession ICT security manager
ICT security managers propose and implement necessary security updates. They advise, support, inform and provide training and security awareness and take direct action on all or part of a network or system.
Knowledge
- Internal risk management policy
The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.
- Computer forensics
The process of examining and recovering digital data from sources for legal evidence and crime investigation.
- ICT quality policy
The quality policy of the organisation and its objectives, the acceptable level of quality and the techniques to measure it, its legal aspects and the duties of specific departments to ensure quality.
- Internet governance
The principles, regulations, norms and programs that shape the evolution and use of internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.
- Information security strategy
The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.
- Internet of Things
The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).
- ICT problem management techniques
The techniques related to identifying the solutions of the root cause of ICT incidents.
- ICT security standards
The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.
- ICT project management
The methodologies for the planning, implementation, review and follow-up of ICT projects, such as the development, integration, modification and sales of ICT products and services, as well as projects relating to technological innovation in the field of ICT.
- ICT system user requirements
The process intended to match user and organisation's needs with system components and services, by taking into consideration the available technologies and the techniques required to elicit and specify requirements, interrogating users to establish symptoms of problem and analysing symptoms.
- Legal requirements of ICT products
The international regulations related to the development and use of ICT products.
Skills
- Define security policies
Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and data-access constraints.
- Manage disaster recovery plans
Prepare, test and execute, when necessary, a plan of action to retrieve or compensate for lost information system data.
- Implement ICT risk management
Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.
- Manage IT security compliances
Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
- Lead disaster recovery exercises
Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.
- Maintain ICT identity management
Administer identification, authentication and authorisation of individuals within a system and control their access to resources by associating user rights and restrictions with the established identity.
- Establish an ICT security prevention plan
Define a set of measures and responsibilities to ensure the confidentiality, integrity and availability of information. Implement policies to prevent data breaches, detect and respond to unauthorised access to systems and resources, including up-to-date security applications and employee education.
- Develop information security strategy
Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.
- Solve ICT system problems
Identify potential component malfunctions. Monitor, document and communicate about incidents. Deploy appropriate resources with minimal outage and deploy appropriate diagnostic tools.
Optional knowledge and skills
- ICT security legislation
- Audit techniques
- Provide technical documentation
- Information confidentiality
- Tools for ICT test automation
- Use ICT ticketing system
- Systems development life-cycle
- SaaS (service-oriented modelling)
- Organisational resilience
- Decision support systems
- Hybrid model
- Service-oriented modelling
- ICT network security risks
- Levels of software testing
- Outsourcing model
- Web application security threats
- Open source model
- Cyber security
- Mobile device management
- Cyber attack counter-measures
- Investment analysis
- ICT process quality models
- ICT encryption
- Execute ICT audits
- Identify ICT security risks
- Define technology strategy
- ICT recovery techniques

Source: Sisyphus ODB