In this video, Marc Menninger describes key roles and functions performed by IT security managers. Discover which skills and certifications IT security managers are expected to have. Learn how many years of experience and other requirements you'll need to qualify for this high-demand IT security job.
- [Narrator] IT security managers manage people and projects to help organizations implement successful security programs. As an IT security manager, your job will be to create and execute strategies to improve security. This means you'll need to have a deep understanding of security programs based on many years of experience. An IT security manager's job often includes writing and implementing security policies and procedures, leading security audits, forensic investigations and mitigation procedures, and overseeing security awareness and training programs.
In addition to IT security manager, common job titles include Information security manager, Information systems security manager, and Applications security manager. IT security managers must have a good mix of technical and management skills. So in addition to having a thorough understanding of technical networking concepts, security managers must have strong interpersonal, written and oral communication skills. They also need analytical and leadership skills. Experience leading diverse teams and driving organizational change are often requirements on IT security manager job postings.
Because they will be implementing a reliable security program, IT security managers need to know ISO 27001, 27002, ITIL and COBIT frameworks, as well as understand PCI, HIPPA, NIST, GLBA, or SOX compliance assessments. Security managers need to see the big picture, so their skills should include practices and methods of IT strategy, enterprise architecture, and security architecture. They will be expected to have experience implementing information security best practices and standards.
And they should know security risk assessment methodologies to measure and manage the risk in their security programs. IT security manager jobs aren't entry-level positions. Most job postings will require a minimum of six years of hands-on experience in information security or a combination of information security and IT audit or related discipline. Almost every manager role will require a bachelor's degree in a related field. This means an IT field such as a computer information systems degree. Other technical degrees may also be accepted.
Frequently desired certifications for IT security managers include CISM, CISSP, CISSP-ISSMP, and GIAC GSLC. IT security manager jobs are great for security professionals with a depth of technical and people experience, and desire to lead an organization's security program.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- The job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself