The experts in cybersecurity protection, detection, reaction, and recovery within a company are IT security managers (sometimes referred to as cybersecurity managers). However, the duties of an IT security manager can change depending on the size of the company.

In smaller businesses, you might be in charge and responsible for everything from establishing security policies to overseeing the technological components of security (and everything in between).

In larger organizations, the IT security manager's function often has a narrower focus, and you can expect to fill one of two roles:

  1. A technical security manager. In this role, you would be in charge of security systems, such as firewalls, data protection controls, patching, encryption, vulnerability scanning, pen testing, and so on. You would also manage the team that oversees the proper deployment, configuration, and functioning of these systems.
  2. A program security manager. This is a more strategic role that would see you engaged in the world of risk management and mitigation. Typically, this individual is involved in evaluating vendor risk, examining vendor contracts or terms of service, helping different teams around the organization understand third-party risk and data privacy issues, and more.

Of course, an IT security manager’s role and responsibilities are going to vary tremendously based on the size of the team and the industry. But there are still a number of critical functions tasked to this individual at nearly any organization. We’ve organized those roles and responsibilities below.

What does an IT security manager do?

This strategically important role comprises nine key responsibilities:

  1. Monitor all operations and infrastructure. This could be something you do by yourself, or you could be leading a team — either way, your daily bread and butter involves going through alerts and logs (the computer security equivalent of video surveillance) in order to keep an eye on your organization’s digital security footprint.
  2. Maintain all security tools and technology. This could be a shared responsibility or the sole responsibility of the IT security manager and their team.
  3. Monitor internal and external policy compliance. You want to ensure that both your vendors and employees understand your cybersecurity risk management policies and that they operate within that framework. The IT security manager is the living embodiment of policy, and while you may not always be in charge of enforcement, you are responsible for making sure things are in line internally.
  4. Monitor regulation compliance. This is particularly important if you’re in a heavily regulated industry and are dealing with things like credit card information, health care data, or other personally identifiable information.
  5. Work with different departments in the organization to reduce risk. From technical controls to policies (and everything in between), you’ll likely be tasked with working across the aisle of departments in your organization to get everyone on the same page.
  6. Implement new technology. If your organization is looking at a new technology, you must evaluate it and help implement any controls that might mitigate the risk of its operation.
  7. Audit policies and controls continuously. Cybersecurity is a circular process, and as a manager, you must drive that process forward. This means regularly auditing the policies and controls you put into place. These audits will tell you if there’s anything you need to improve, remediate, or quickly fix.
  8. Ensure cybersecurity stays on the organizational radar. Does it seem as though the organization you’re with isn’t being proactive about cybersecurity? As the IT security manager, your job is to make the benefits clearly visible and champion all efforts going forward.
  9. Detail out the security incident response program. Every organization should have a well-defined and documented plan of action to put into place if a security incident does occur.

As the IT security manager, it is your responsibility to ensure that this program is tested throughout the organization and that every high-level manager knows his or her duties during such an incident. This may be a responsibility that is the IT security manager’s alone, or it could be a shared responsibility.


Posted Jan 8, 2023 in the IT & Software category
