New Guide Clarifies Information Security Manager Role
As information security has matured into its own discipline, many new career opportunities have surfaced. To help hiring managers define these job positions and required skills, ISACA — a nonprofit association serving more than 86,000 information security, assurance and IT governance professionals in 160 countries — has published “Defining Information Security Manager Position Requirements: Guidance for Executives and Managers.”
The guide provides a comprehensive resource to help those hiring information security managers identify candidates who can meet the challenges of the constantly evolving security profession and myriad regulatory requirements, and who demonstrate business skills.
“Enterprises must recruit professionals with the appropriate skills to ensure that information assets are protected from unauthorized use, systems are available and the continued integrity of information and processes is assured,” said Jo Stewart-Rattray, chair of the ISACA Security Management Committee. “The ISACA guide serves to untangle the complexities of the information security management position and provide specific definitions of information security management responsibilities, knowledge and optimal reporting relationships.”
“Defining Information Security Manager Position Requirements” is intended to serve as a practical guide to defining career paths and essential attributes of the information security manager position for those involved with information security, including human resource professionals, information security professionals, executives, governing bodies and boards of directors or trustees. It can be tailored to the specific requirements of an enterprise based on its size, scale, nature, resources, position level and complexity.
Due to the varied backgrounds of information security professionals, an essential element of this report is a diagram of the many pathways by which security professionals have entered and progressed in information security positions.
ISACA conducted extensive research to prepare the report, including a comprehensive global job task analysis survey of approximately 600 information security professionals holding the Certified Information Security Manager (CISM) designation, as well as a working group of information security executives, including more than 100 CISMs. ISACA also conducted the Information Security Career Progression Survey that generated responses from more than 1,400 CISMs worldwide.
The CISM designation is issued by ISACA and is acknowledged by the International Organization for Standardization (ISO) as one of a select group of information security professional certifications receiving worldwide recognition.