Profession ICT resilience manager

ICT resilience managers research, plan and develop models, policies, methods, techniques and tools that enhance an organisation's cyber security, resilience and disaster recovery.

Personality Type

• Conventional / Investigative

Knowledge

• Cyber security

  The methods that protect ICT systems, networks, computers, devices, services, digital information and people against illegal or unauthorised use.

• ICT recovery techniques

  The techniques for recovering hardware or software components and data, after failure, corruption or damage.

• System backup best practice

  The procedures related to preparing for recovery or continuation of technology infrastructure vital to an organisation.

• Internal risk management policy

  The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.

• Organisational resilience

  The strategies, methods and techniques that increase the organisation's capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.

Skills

• Execute ICT audits

  Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.

• Manage disaster recovery plans

  Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.

• Identify ICT security risks

  Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

• Manage system security

  Analyse the critical assets of a company and identify weaknesses and vulnerabilities that lead to intrusion or attack. Apply security detection techniques. Understand cyber attack techniques and implement effective countermeasures.

• Implement ICT recovery system

  Create, manage and implement ICT system recovery plan in case of crisis in order to retrieve information and reacquire use of the system.

• Analyse the context of an organisation

  Study the external and internal environment of an organisation by identifying its strengths and weaknesses in order to provide a base for company strategies and further planning.

• Lead disaster recovery exercises

  Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.

• Analyse business processes

  Study the contribution of the work processes to the business goals and monitor their efficiency and productivity.

• Develop information security strategy

  Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

• Manage IT security compliances

  Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.

• Develop contingency plans for emergencies

  Compose procedures outlining specific actions to be taken in the event of an emergency, taking into account all the risks and dangers that could be involved, ensuring that the plans comply with safety legislation and represent the safest course of action.

• Implement ICT risk management

  Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.

• Comply with legal regulations

  Ensure you are properly informed of the legal regulations that govern a specific activity and adhere to its rules, policies and laws.

• Perform security vulnerability assessments

  Execute types of security testing, such as network penetration testing, wireless testing, code reviews, wireless and/or firewall assessments in accordance with industry-accepted methods and protocols to identify and analyse potential vulnerabilities.

Optional knowledge and skills

Source: Sisyphus ODB