Profession ICT security consultant

ICT security consultants advise and implement solutions to control access to data and programs. They promote a safe exchange of information.

Personality Type

• Conventional / Investigative

Knowledge

• Cyber attack counter-measures

  The strategies, techniques and tools that can be used to detect and avert malicious attacks against organisations' information systems, infrastructures or networks.

• ICT security standards

  The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.

• ICT security legislation

  The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.

• Information security strategy

  The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

• Organisational resilience

  The strategies, methods and techniques that increase the organisation's capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.

Skills

• Define security policies

  Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and data-access constraints.

• Execute ICT audits

  Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.

• Analyse ICT system

  Study the activity and performance of information systems in order to model their usage and weaknesses, specify purpose, architecture and services and discover operations and procedures for accomplishing them most efficiently.

• Manage disaster recovery plans

  Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.

• Identify ICT system weaknesses

  Analyse the system and network architecture, hardware and software components and data in order to identify weaknesses and vulnerability to intrusions or attacks.

• Provide ICT consulting advice

  Advise on appropriate solutions in the field of ICT by selecting alternatives and optimising decisions while taking into account potential risks, benefits and overall impact to professional customers.

• Perform risk analysis

  Identify and assess factors that may jeopardise the success of a project or threaten the organisation's functioning. Implement procedures to avoid or minimise their impact.

• Define technical requirements

  Specify technical properties of goods, materials, methods, processes, services, systems, software and functionalities by identifying and responding to the particular needs that are to be satisfied according to customer requirements.

• Execute software tests

  Perform tests to ensure that a software product will perform flawlessly under the specified customer requirements, using specialised software tools. Apply software testing techniques and tools in order to identify software defects (bugs) and malfunctions.

• Identify ICT security risks

  Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

• Develop information security strategy

  Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

• Implement ICT risk management

  Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.

• Manage IT security compliances

  Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.

• Report test findings

  Report test results with a focus on findings and recommendations, differentiating results by levels of severity. Include relevant information from the test plan and outline the test methodologies, using metrics, tables, and visual methods to clarify where needed.

• Keep task records

  Organise and classify records of prepared reports and correspondence related to the performed work and progress records of tasks.

• Verify formal ICT specifications

  Check capabilities, correctness and efficiency of intended algorithm or system to match certain formal specifications.

• Educate on data confidentiality

  Share information with and instruct users in the risks involved with data, especially risks to the confidentiality, integrity, or availability of data. Educate them on how to ensure data protection.

• Keep up with the latest information systems solutions

  Gather the latest information on existing information systems solutions which integrate software and hardware, as well as network components.

• Monitor system performance

  Measure system reliability and performance before, during and after component integration and during system operation and maintenance. Select and use performance monitoring tools and techniques, such as special software.

Optional knowledge and skills

Source: Sisyphus ODB