Tuesday, 6 June 2017

Do you know the roles & responsibilities of a Security Professionals?

When I found the way to get into the Security Domain of my career interest, I found many interesting Security Roles that would help you to choose the right destination you want to become in your Security professional career.

Below are some of the important organisation specific Security Roles & its Responsibilities. Grooming yourself with each responsibilities and specializing in that area will make you an expert.

All the very best guys! Hope this was a very useful piece of information.


Security Administrator Responsibility
  • Defend systems against unauthorized access, modification and/or destruction
  • Perform vulnerability and networking scanning assessments
  • Monitor network traffic for unusual activity
  • Configure and support security tools such as firewalls, anti-virus software, patch management systems, etc.
  • Implement network security policies, application security, access control and corporate data safeguards
  • Analyze and establish security requirements for your networks
  • Train fellow employees in security awareness and procedures
  • Develop and update business continuity and disaster recovery protocols
  • Conduct security audits and make policy recommendations
  • Provide technical security advice

Security Analyst Responsibility
  • Plan, implement and upgrade security measures and controls
  • Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction
  • Maintain data and monitor security access
  • Perform vulnerability testing, risk analyses and security assessments
  • Conduct internal and external security audits
  • Anticipate security alerts, incidents and disasters and reduce their likelihood
  • Manage network, intrusion detection and prevention systems
  • Analyze security breaches to determine their root cause
  • Recommend and install appropriate tools and countermeasures
  • Define, implement and maintain corporate security policies
  • Train fellow employees in security awareness and procedures
  • Coordinate security plans with outside vendors

Security Engineer Responsibility
  • Create new ways to solve existing production security issues
  • Configure and install firewalls and intrusion detection systems
  • Perform vulnerability testing, risk analyses and security assessments
  • Develop automation scripts to handle and track incidents
  • Investigate intrusion incidents, conduct forensic investigations and mount incident responses
  • Collaborate with colleagues on authentication, authorization and encryption solutions
  • Evaluate new technologies and processes that enhance security capabilities
  • Test security solutions using industry standard analysis criteria
  • Deliver technical reports and formal papers on test findings
  • Respond to information security issues during each stage of a project’s lifecycle
  • Supervise changes in software, hardware, facilities, telecommunications and user needs
  • Define, implement and maintain corporate security policies
  • Analyze and advise on new security technologies and program conformance
  • Recommend modifications in legal, technical and regulatory areas that affect IT security



Security Architect Responsibility
  • Acquire a complete understanding of a company’s technology and information systems
  • Plan, research and design robust security architectures for any IT project
  • Perform vulnerability testing, risk analyses and security assessments
  • Research security standards, security systems and authentication protocols
  • Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
  • Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
  • Prepare cost estimates and identify integration issues
  • Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
  • Test final security structures to ensure they behave as expected
  • Provide technical supervision for (and guidance to) a security team
  • Define, implement and maintain corporate security policies and procedures
  • Oversee security awareness programs and educational efforts
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Update and upgrade security systems as needed

Security Consultant Responsibility
  • Acquire a complete understanding of a company’s technology and information systems
  • Plan, research and design robust security architectures for any IT project
  • Perform vulnerability testing, risk analyses and security assessments
  • Research security standards, security systems and authentication protocols
  • Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices
  • Design public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures
  • Prepare cost estimates and identify integration issues
  • Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers
  • Test final security structures to ensure they behave as expected
  • Provide technical supervision for (and guidance to) a security team
  • Define, implement and maintain corporate security policies and procedures
  • Oversee security awareness programs and educational efforts
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Update and upgrade security systems as needed

Security Manager Responsibility
  • Create and execute strategies to improve the reliability and security of IT projects
  • Define, implement and maintain corporate security policies and procedures
  • Spearhead vulnerability audits, forensic investigations and mitigation procedures
  • Respond immediately to security-related incidents and provide a thorough post-event analysis
  • Manage a diverse team of security administrators, analysts and IT professionals
  • Act as a key liaison between upper-level management, programmers, risk assessment staff and auditors
  • Institute organization-wide training in security awareness, protocols and procedures
  • Ensure compliance regarding staff security and clearance
  • Assess, test and select new security products and technologies
  • Prepare cost estimates and identify integration issues
  • Administer department budgets and staff schedules

Security Auditor Responsibility
  • Plan, execute and lead security audits across an organization
  • Inspect and evaluate financial and information systems, management procedures and security controls
  • Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations
  • Develop and administer risk-focused exams for IT systems
  • Review or interview personnel to establish security risks and complications
  • Execute and properly document the audit process on a variety of computing environments and computer applications
  • Assess the exposures resulting from ineffective or missing control practices
  • Accurately interpret audit results against defined criteria
  • Weigh the relevancy, accuracy and perspective of conclusions against audit evidence
  • Provide a written and verbal report of audit findings
  • Develop rigorous “best practice” recommendations to improve security on all levels
  • Work with management to ensure security recommendations comply with company procedure
  • Collaborate with departments to improve security compliance, manage risk and bolster effectiveness
  • Travel extensively

Security Director Responsibility
  • Manage IT security programs and supervise security departments
  • Prioritize and allocate security resources correctly and efficiently
  • Define, implement and maintain corporate security policies and procedures
  • Integrate IT systems development with security policies and information protection strategies
  • Monitor security vulnerabilities, threats and events in network and host systems
  • Develop strategies to handle security incidents and coordinate investigative activities
  • Act as a focal point for IT security investigations and direct a full investigation with recommended courses of action
  • Prepare financial forecasts for security operations and proper maintenance cover for security assets
  • Participate in strategic planning for the deployment of information security technologies and program enhancements
  • Ensure security policies, procedures and protocols are being executed by the appropriate technical teams
  • Provide leadership, training opportunities and guidance to personnel
  • Design and implement education programs focused on user awareness and security compliance
  • Prepare senior-level technical reports for executive management
  • Connect legal, regulatory and local organizational requirements with security goals
  • Hire, review, and fire non-management employees

CISO Responsibility
  • Appoint and guide a team of IT security experts
  • Create a strategic plan for the deployment of information security technologies and program enhancements
  • Supervise development of (and ensure compliance with) corporate security policies, standards and procedures
  • Integrate IT systems development with security policies and information protection strategies
  • Collaborate with key stakeholders to establish an IT security risk management program
  • Audit existing systems and provide comprehensive risk assessments
  • Anticipate new security threats and stay-up-to-date with evolving infrastructures
  • Monitor security vulnerabilities, threats and events in network and host systems
  • Develop strategies to handle security incidents and coordinate investigative activities
  • Act as a focal point for IT security investigations and direct a full investigation with recommended courses of action
  • Prioritize and allocate security resources correctly and efficiently
  • Prepare financial forecasts for security operations and proper maintenance cover for security assets
  • Provide leadership, training opportunities and guidance to personnel
  • Work with senior management to ensure IT security protection policies are being implemented, reviewed, maintained and governed effectively
  • Spearhead education programs focused on user awareness and security compliance