Information Security Job Groups or Positions
Information security, like any other job, has employees ranked into specific positions or job groups. Each security position has its responsibilities and challenges that the stakeholder in charge must attend to.
Chief Security Risk Officer
The top most position, as written by Rhodes-Ousley (2013), is CSRO, an abbreviation for Chief Security Risk Officer, also alternatively known as Chief Information Security Officer (CISO). The CISO supervises risk management and information security roles in an organization (p.151).
Security Director, the second security position after CSRO, oversees an executive team that ensures business goals are attained (Singer & Friedman, 2014). A security director should possess good communication and governance skills.
Security manager, the third position, oversees all issues and occurrences related to security and directs all the other lower security positions, administers security policies and ascertains that the policies are strictly adhered to by all the company stakeholders.
Security architecture designs the structural strategies to perform security tests and find errors, and vulnerabilities. The architecture is also responsible for production and implementation of secure network architectures.
Security engineer works with the security architecture to design and implement the security architecture and with the security administrator to make decisions related to device administration.
Security administrator is the first person consulted when a security issue occurs. He/she ascertains that all security measures are applied and sustained.
Security analyst, as the name suggests, analyzes the architecture in place and generates reports used to measure and assess how the security processes are working (Boyle & Panko, 2012, p.569).
Security investigator examines security issues or incidences faced by an organization and violations among stakeholders. He/she works with the law enforcement representatives when necessary.
Security Awareness Trainer
Security Awareness Trainer acts as a mediator between security experts and employees by educating employees and other stakeholders on security guidelines and policies.
Facility Security Officer
Facility Security Officer ensures that all facilities or buildings meet the security policy standards and architecture in place. The facility security officer also reviews all physical security records like log files.
Boyle, R. and Panko, R. (2012). Corporate computer security. 3rd ed. Boston: Pearson.
Rhodes-Ousley, M. (2013). Information Security: The Complete Reference (2nd ed.). New York, NY: McGraw-Hill.
Singer, P. and Friedman, A. (2014). Cybersecurity and cyberwar. New York; Oxford: Oxford University Press, p.27.