IT-Security Awareness

The technical means for detecting and defending against security threats to a company are constantly maturing. The source of security failures therefore increasingly lies elsewhere: in the people who use the systems. The human factor in security is consequently receiving more and more attention in IT.

This creates a need for roles that take responsibility for sensitizing an organization's employees to IT risks and threats. This usually happens through training and continuing education in which employees learn to recognize threats (a phishing e-mail, an unexpected request for credentials) and to react appropriately. The day-to-day tasks of this role include identifying and selecting training material and designing how it is delivered. Just as important is choosing assessment methods (such as simulated phishing campaigns or knowledge checks) that fit the organization's culture. Finally, the role has to create channels through which people in the organization can report risks and suspected incidents easily and quickly.

Individuals filling this role should have a strong knowledge of cyber threats and, above all, understand the company's compliance objectives. They must be both technically savvy and highly empathetic towards employees, with an affinity for learning and change management.

Cyber-Security

A cyber security role extends beyond internal IT and focuses primarily on the technical side of detecting and eliminating threats that arrive via the internet. Much of the work is preventive: securing the company's internet-facing systems and protecting them against external attacks.

This role is responsible for implementing the technical measures for prevention and threat elimination. Its tasks therefore include access control, cryptography, rights management, firewalls, proxies, virus scanners, vulnerability management and much more. In addition, concrete knowledge of how to combat malware and targeted attacks is expected. A degree in computer science is therefore often a basic requirement.

Because internal IT systems are increasingly connected to the internet, the areas of IT security and cyber security will continue to merge. Nevertheless, and perhaps precisely because of this, cyber security remains a distinct and important role: one that primarily takes on technical tasks and ensures information security together with the other IT security roles.

IT-Security Governance

Today, information security must also be anchored holistically in the governance and management of the company so that IT is aligned with the business at every relevant level. The role of the IT security governance manager exists to make this happen. Its central task is to co-lead and manage all important operational and strategic IT security processes, including defining standards, developing concepts and consulting with all key internal stakeholders. The main objective is to support management so that IT systems can be aligned with the needs of the organization and its people.

IT-Security Risk & Compliance

The IT Security Risk & Compliance Manager organizes and manages the information security compliance review processes. This includes maintaining the information security risk register; integrating monitoring, aggregating and reporting risks; and reporting and tracking exceptions, enhancements, recommendations, non-conformities and validated risk remediation actions. The role is also responsible for adherence to, and implementation of, the legal and corporate compliance obligations that arise from contracts, trade customs or a code of conduct. Risk & Compliance Managers always work with a holistic view of data protection and information security.

Chief Information Security Officer

Because IT systems have become so important to the business, more and more companies now establish a C-level role for information security. The Chief Information Security Officer is responsible for IT security compliance and its implementation throughout the company. This means that information security is no longer developed merely in consultation with management, but by management itself. The importance of information and data will continue to grow in society for decades to come, and with it the relevance of IT security in top management.

ISMS Lead Auditor

In recent years, IT infrastructure has become a central element of organizations and companies. An Information Security Management System (ISMS) helps an organization govern its own information security with appropriate controls and to stay "fit" for external connectivity. For a certified ISMS, an IT auditor is required who can prepare the system for ISO/IEC 27001 certification and verify that all of its requirements are implemented. The most important tasks of a lead auditor include planning and conducting management, finance and compliance audits. The aim is to check existing security measures and to identify potential for improvement. An equally important part of the role is to produce meaningful audit reports afterwards and to determine when the ISMS is ready for external certification.