Jobs in Tech: Information Systems Security Manager
Large IT security departments will typically employ an Information Systems Security Manager who fills a supervisory role, shouldering management and training responsibilities for the rest of the security staff. Here are the details of what to expect in this career.
General Job Responsibilities
While, as with most careers, specific duties vary based on the company that employs you, the ISSM's overall responsibilities are to:
- Manage the implementation and development of an organization's IT security
- Make sure security policies, standards and procedures are established and enforced
- Coordinate information security inspections, tests, and reviews
- Oversee an in-house security team (as well as workers who telecommute, if applicable)
Also called IT security managers, people in this career generally work full-time in an office setting. Overtime hours are more probable than with some other jobs, as the security team will typically work on a problem or threat until it is resolved, rather than clocking out at 5:00 pm.
The Big Picture—Designing a Security Policy
To design a security policy, the Information Systems Security Manager will likely gather and organize technical information about the company's mission, goals, and needs, as well as its existing security products and its ongoing programs and activities. He or she will also conduct risk analyses and assessments and then make sure there are solutions in place to mitigate those risks.
This background work goes toward creating the organization's information security plans and policies. The Information Systems Security Manager helps identify the organization's current security infrastructure and define what kind of security must be designed and implemented in order to meet the organization's requirements.
Then the manager oversees the rest of the security team members as they design and implement the solutions according to security requirements.
Information Systems Security Managers provide guidance when it comes to analyzing and evaluating networks and security vulnerabilities, and managing security systems such as anti-virus, firewalls, patch management, intrusion detection, and encryption on a daily basis.
The Information Systems Security Manager may be required to interact with and advise the organization's non-technical employees, such as during staff meetings, teleconferences, or other situations in which security issues need to be addressed.
In the event of system disasters resulting in data loss, security managers are responsible for assisting with data recovery.
Required Knowledge and Skills
An Information Systems Security Manager will typically require knowledge of several areas, including:
- Security tools and programs that are currently available
- Business security practices and procedures
- Hardware/software security implementation
- Encryption techniques/tools
- Various communication protocols
Applicants should also possess good decision-making and analytical skills and be able to pass background checks.
Experience, Training, and Certification
While there is a wide range of requirements and the ones you need will depend on the organization that's hiring, it’s not an easy job to get, and not accessible to entry-level applicants. Some Information Systems Security Manager postings indicate that you need a Bachelor's degree in a related computer field plus up to nine years of experience.
You may be able to land this position without a degree, although an employer may ask for more years of experience in lieu of the desired university degree. Your work experience should ideally involve security in a major way, and management/leadership skills are a bonus. Sometimes, a strong history in a non-security information science job will be sufficient.
The following certifications may also be required:
- MCSE: Security
- Unix/Linux Certification
Aspiring IT security managers should focus on building up a strong portfolio of security skills. If you are still in school, tailor your course choices to develop these skills. Otherwise, get basic training and a certification or two, then apply to entry-level security positions and work your way up.
Note: Updates to this article have been made by Laurence Bradford.