What are the responsibilities of a Security Manager?
As a Security Manager, you are expected to play a management role in almost every aspect of the organization’s IT security. You will create new security plans and solutions and implement training procedures and policies.
A Security Manager may not be involved in technical issues until it is necessary. They are the force behind every organization’s security team.
The Security Manager position is a mid-level career role. You will be required to do the following:
- Implement, define and maintain all corporate security procedures and policies
- Be responsive to immediate security incidents and provide a thorough analysis after investigation
- Act as the bridge connecting the team of programmers, auditors and risk assessment professionals with upper management
- Ensure compliance regarding staff clearance and security
- Identify integration issues with new technologies and prepare cost estimates for upgrading or renewing technologies
- Take care of staff schedules and department budgets
- Develop and execute different strategies that will improve the security and reliability of IT projects
- Take care of forensic investigations, vulnerability audits and mitigation procedures
- Take control and manage a team of analysts, security administrators and other related staff
- Make sure the organization implements the training programs needed to increase awareness of security, procedures and protocols
- Test, assess and find new security technologies and products
To reach the post of a Security Manager, you will have to begin at an entry-level position like:
- Network Administrator
- System Administrator
- Security Administrator
When you have spent enough time in the above positions, you can take your experience to the next level and become the following:
If you want to reach the top, you can move on to a top-level security position such as:
A security manager is often also called:
- Information Security Manager
- Systems/Applications Security Manager
- Information Systems Security Manager
- IT Security Manager
- Security Manager (systems/information/applications)
The average salary of a Security Manager is $60,985 per year. The basic salary can start at $33,037 per year and can reach a maximum of $109,370 per year (2016 figures).
Security Managers are expected to hold at least a bachelor’s degree in cyber security, computer science or a related technical subject like mathematics or engineering.
If you don’t have a bachelor’s degree in an IT-related field, you can opt for a master’s degree in IT security. You can enhance your application by having professional experience and certifications.
A Security Manager position is a managerial position. You should have at least 5-10 years of experience in IT. Many employers want to see at least 3-5 of those years of experience in security.
Management positions revolve a lot around soft skills. In this position, you will be collaborating with senior staff such as a Security Director or CISO. You will also be in touch with vendors, analysts and engineers. You are expected to show strong leadership qualities as well as oral and written communication skills.
Many employers also demand problem solvers and multi-taskers because you will be dealing with a variety of issues in the organization.
Security Managers are required to have a very good understanding of technical skills that include IT security, programming and architecture. While working in entry-level positions, try to polish the following skills:
- Security concepts revolving around authentication, DNS, DDoS mitigation, VPN, proxy services, routing, etc.
- HIPAA, GLBA, SOX, PCI and NIST compliance assessments
- C, C++, C#, PHP or Java programming languages
- Ethical hacking, secure coding practices and switches
- Network security architecture definition and development
- Methods and practices of IT strategy, security architecture, enterprise architecture etc
- ISO 27001/27002, COBIT and ITIL frameworks
- Unix, Linux and Windows Operating Systems
- Firewall, intrusion prevention and detection protocols
- Computer networking, TCP/IP, switching and routing
- Good knowledge of auditing and cloud risk assessment technologies from third parties
Security Managers are expected to hold some certifications. For most employers, a candidate holding CISSP or CISM is good enough. However, you can also look at the following:
- CISSP: Certified Information Systems Security Professional
- GSLC: GIAC Security Leadership
- CISM: Certified Information Security Manager
- CISSP-ISSMP: Information Systems Security Management Professional