The need for cyber security professionals is ever-increasing, driven by growing awareness of cyber security, the rise of working from home, and attacks becoming more frequent. There is no clear-cut path to a job at the top of the cyber security career pyramid. Instead, a combination of experience and relevant qualifications, together with a genuine interest in the work, is the best way of progressing in a cyber security career. This page covers three of the senior, less hands-on roles: the governance, risk and compliance officer, the security manager, and the CISO.
Governance, Risk and Compliance Officers
A compliance officer's main role is to ensure that an organisation and its employees understand the regulatory and legal requirements for cyber security that they must abide by, and that the measures needed to meet them are actually implemented. An organisation must have internal controls in place to protect itself and its staff from cyber attack, and the compliance officer supports staff in complying with those controls. To do this, the officer clearly communicates the organisation's cyber security policies and expectations to staff, identifies areas where compliance is at risk, and takes action in the event of a regulatory breach. Ongoing monitoring of regulatory processes, and of how well they are being followed, helps the compliance officer improve the effectiveness of the organisation's cyber security over time rather than only reacting once something has gone wrong. Overall, the compliance officer works to ensure that the company stays within the law and its own policy framework with regard to cyber security.
Some key skills are particularly useful for a compliance officer. First, high ethical standards are required, because the role involves handling sensitive information about cyber security vulnerabilities, risks and requirements. Strong communication skills are essential: the officer must be able to explain why regulatory measures and compliance matter so that others act on them, and must relay changes in policy and requirements clearly and effectively. Once in the role, a thorough understanding of the organisation itself and of the relevant cyber security law is vital for identifying compliance risks and choosing the best measures to ensure that policies are being followed.
Employers often ask for a Bachelor's degree as a minimum qualification, and some ask for an MBA on top of this. There are certifications designed specifically for compliance roles, such as the Certified Compliance and Ethics Professional (CCEP). Other routes, such as apprenticeships, are also available and can provide the knowledge and experience needed to take on this role.
Security Managers
One particularly important role within cyber security is that of security manager. A security manager works for an organisation to manage its cyber security team and the procedures that prevent attacks. The role is more managerial than technical, and involves working with the team to develop and implement cyber security policies and strategies. Trialling and assessing new security software, staying alert to attack trends, and budgeting for security efforts are often responsibilities of the security manager. If a security breach occurs, the security manager is responsible for commissioning an investigation into how and why it happened, and for working with the team to defend against it happening again. As with most managerial roles, the job also entails supporting employees where needed and handling the hiring and firing of the security team.
Around 10 years' experience in computer security is generally required to become a security manager. A Bachelor's degree and additional certifications are sometimes listed as requirements, but experience is usually recognised as most valuable. Candidates may be more likely to succeed if they also hold an MBA with a focus on IT security.
Chief Information Security Officers
A CISO is the Chief Information Security Officer. CISOs are usually found in large organisations, where they sit at the very head of information security. Working in the same way as a security manager and for the same reasons, the CISO works with a team to implement policies, procedures and technology to mitigate cyber attacks. In big corporations the CISO typically sits above the security managers: several security managers each head a department and report to the CISO. The duties of the CISO are largely the same as those of a security manager, just on a larger scale. As head of cyber security for the company, the CISO needs a thorough understanding of the company itself and of its cyber security requirements in order to be effective. CISOs sometimes report directly to the CEO or the main board, but more often they report to the Chief Technology Officer or Chief Information Officer, or sit within the IT function.
As with the security manager role, years of experience are the place to start when pursuing a CISO position. On top of this, some employers require additional certifications and degrees, and in many cases an MBA is seen as valuable. CISOs themselves increasingly recognise the importance of business acumen, even more so than technical experience.