To carry out professional functions and responsibilities properly, the information systems security manager should have well-developed professional skills and abilities. The manager should have expert knowledge and skills in such fields as information security governance, information risk management and compliance, information security program development and management, and information security incident management. All these skills, abilities and expert knowledge are crucial for the successful performance of the information systems security manager.
Information security governance is a relatively new concept, but it is very important for information systems security at the organizational level. The information systems security manager should be able to develop and maintain the information security system at the organizational level, which means managing it across the entire organization. The manager cannot limit his/her responsibility to a single department. Instead, the manager should take the organization as a whole and develop information systems security that protects the entire organization. In addition, the manager should develop policies, standards and procedures for the entire organization as well.
Furthermore, information risk management and compliance is another field the information systems security manager should pay particular attention to. The manager should assess the information risks the organization may be exposed to and develop effective strategies to prevent those risks. Information risk management includes the elaboration of long-run strategies that help the organization keep its information system secure and fully protected from external as well as internal threats. Effective information risk management can increase the effectiveness of the organization's information system and minimize the potential and actual risks the organization may be exposed to.
The information systems security manager should also focus on information security program development and management. This implies that the manager develops an effective and reliable information security program that can protect the organization from information risks and threats. The manager manages the information security program and introduces changes, if necessary, in response to changes in the business environment of the organization or possible technological changes.
Information security incident management is also a part of the job of the information systems security manager. The manager should be aware that the information systems of the organization may be vulnerable not only to intentional threats but also to incidents that may occur in the course of the functioning of the organization. Hence, the manager should be prepared for such incidents and be able to manage them properly.
The information systems security manager should cooperate closely with the IT department of the company and with the managerial staff in order to forecast the further development of the company and the information technologies the company will need in the future. Thus, the manager will be able to forecast possible threats and assess the effectiveness of the current information systems security. If necessary, the information systems security manager can introduce changes in the information security of the company.
Thus, the information systems security manager performs an important job and has to fulfill professional responsibilities properly.