Profession ICT security manager

ICT security managers propose and implement necessary security updates. They advise, support, inform and provide training and security awareness and take direct action on all or part of a network or system.

Would you like to know what kind of career and professions suit you best? Take our free Holland code career test and find out.

Personality Type

  • Conventional / Investigative

Knowledge

  • ICT problem management techniques

    The techniques related to identifying the solutions of the root cause of ICT incidents.

  • ICT system user requirements

    The process intended to match user and organisation's needs with system components and services, by taking into consideration the available technologies and the techniques required to elicit and specify requirements, interrogating users to establish symptoms of problem and analysing symptoms.

  • Internet governance

    The principles, regulations, norms and programs that shape the evolution and use of internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.

  • Legal requirements of ICT products

    The international regulations related to the development and use of ICT products.

  • Computer forensics

    The process of examining and recovering digital data from sources for legal evidence and crime investigation.

  • ICT security standards

    The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.

  • Internet of Things

    The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).

  • Internal risk management policy

    The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.

  • ICT project management

    The methodologies for the planning, implementation, review and follow-up of ICT projects, such as the development, integration, modification and sales of ICT products and services, as well as projects relating technological innovation in the field of ICT.

  • Information security strategy

    The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

  • ICT quality policy

    The quality policy of the organisation and its objectives, the acceptable level of quality and the techniques to measure it, its legal aspects and the duties of specific departments to ensure quality.

Skills

  • Define security policies

    Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and data-access constraints.

  • Establish an ICT security prevention plan

    Define a set of measures and responsibilities to ensure the confidentiality, integrity and availability of information. Implement policies to prevent data breaches, detect and respond to unathorised access to systems and resources, including up-to-date security applications and employee education.

  • Implement ICT risk management

    Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.

  • Manage IT security compliances

    Guide application and fulfillment of relevant industry standards, best practices and legal requirements for information security.

  • Maintain ICT identity management

    Administer identification, authentication and authorisation of individuals within a system and control their access to resources by associating user rights and restrictions with the established identity.

  • Develop information security strategy

    Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

  • Lead disaster recovery exercises

    Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.

  • Solve ICT system problems

    Identify potential component malfunctions. Monitor, document and communicate about incidents. Deploy appropriate resources with minimal outage and deploy appropriate diagnostic tools.

  • Manage disaster recovery plans

    Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.

Optional knowledge and skills

information confidentiality web application security threats audit techniques service-oriented modelling identify ict security risks use ict ticketing system ict process quality models cyber security decision support systems ict recovery techniques saas (service-oriented modelling) levels of software testing organisational resilience execute ict audits hybrid model investment analysis systems development life-cycle define technology strategy tools for ict test automation provide technical documentation ict network security risks ict encryption ict security legislation outsourcing model cyber attack counter-measures open source model mobile device management