Table of Contents

Explain the Different Security Positions Within Information Security


Information Security Job Groups or Positions

Information security, like any other job, has employees ranked into specific positions or job groups. Each security position has its responsibilities and challenges that the stakeholder in charge must attend to.

Chief Security Risk Officer

The top most position, as written by Rhodes-Ousley (2013), is CSRO, an abbreviation for Chief Security Risk Officer, also alternatively known as Chief Information Security Officer (CISO). The CISO supervises risk management and information security roles in an organization (p.151).

Security Director

Security Director, the second security position after CSRO, oversees an executive team that ensures business goals are attained (Singer & Friedman, 2014). A security director should possess good communication and governance skills.

Security manager

Security manager, the third position, oversees all issues and occurrences related to security and directs all the other lower security positions, administers security policies and ascertains that the policies are strictly adhered to by all the company stakeholders.

Security architecture

Security architecture designs the structural strategies to perform security tests and find errors, and vulnerabilities. The architecture is also responsible for production and implementation of secure network architectures.

Security engineer

Security engineer works with the security architecture to design and implement the security architecture and with the security administrator to make decisions related to device administration.

Security administrator

Security administrator is the first person consulted when a security issue occurs. He/she ascertains that all security measures are applied and sustained.

Security analyst

Security analyst, as the name suggests, analyzes the architecture in place and generates reports used to measure and assess how the security processes are working (Boyle & Panko, 2012, p.569).

Security investigator

Security investigator examines security issues or incidences faced by an organization and violations among stakeholders. He/she works with the law enforcement representatives when necessary.

Security Awareness Trainer

Security Awareness Trainer acts as a mediator between security experts and employees by educating employees and other stakeholders on security guidelines and policies.

Facility Security Officer

Facility Security Officer ensures that all facilities or buildings meet the security policy standards and architecture in place. The facility security officer also reviews all physical security records like log files.


Boyle, R. and Panko, R. (2012). Corporate computer security. 3rd ed. Boston: Pearson.

Rhodes-Ousley, M. (2013). Information Security: The Complete Reference (2nd ed.). New York, NY: McGraw-Hill.

Singer, P. and Friedman, A. (2014). Cybersecurity and cyberwar. New York; Oxford: Oxford University Press, p.27.

Related Questions:

Explain Computer Policies and Provide an Example of One

Explain Policy Categories and the Form and Organization Components

Engr. Meshach Koech

Engr. Meshach Koech

Meshach K. Koech graduated from Negros Oriental State University in 2017 with a Bachelors Degree in computer engineering. He immediately went back for Electronics and Communication Engineering degree and currently pursues a masters in Cybersecurity. He likes blogging, programming and exploring latest technologies.

More to explorer

what is dropshipping?
Engr. Meshach Koech

What is Dropshipping? Understanding the Pros and Cons of This E-Commerce Model

Dropshipping is a popular e-commerce model that involves selling products without keeping them in stock. Instead, the retailer purchases products from a third-party supplier who

Read More »
Hand shake symbolizing win-win relationship
PHASE 1 - Defining the Target Market
Engr. Meshach Koech

Customer Symbiosis: Creating a Win-Win Relationship with Your Target Audience

When it comes to building a successful business, one of the key components is understanding your target audience. Without a clear understanding of who your

Read More »
Target Audience
PHASE 1 - Defining the Target Market
Engr. Meshach Koech

Finding Your Target Audience

In the previous article, we discussed the importance of understanding customer rings and audience filters when it comes to targeting a specific niche and tailoring

Read More »

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: