An Information Security Business Manager is expected to function as a security leader within their designated role and partner with higher-ups to address security-related challenges. The tasks they perform are both strategic and hands-on and require a good understanding of varying information security disciplines and the business units they’re associated with. Additionally, they can also be asked to shoulder the training and management responsibilities for the rest of the security personnel.
This means that the role of an information security business manager may sometimes be a little hard to define. Let’s talk about it.
What Does an Information Security Business Manager Do?
The information security business manager is primarily responsible for diving and establishing a business-specific security-oriented program geared towards assisting related business units in detecting and resolving risks while also offering support to the information security officer (ISO). The role liaises between the information security officer and the business, keeping an open line of communication when it comes to reporting of security vulnerabilities to the associated leadership and ISO.
Additional responsibilities may include:
- Directing business departments towards cyber-attack prevention and mitigation strategies to minimize future breaches
- Serving as a major figure in information security deficiency fixation processes by shaping communication points and remediation
- Offering transparency to organizational units on upcoming information security initiatives
- Coordinating information security proposals, tests, evaluations, and inspections
- Maintaining all security programs and technologies as part of a shared effort with the IT department
- Managing data safety programs within assigned business units, including activities for the classification of unstructured data
- Ensuring all stakeholders know the state of controls they’re accountable for and understand the part they have to play in the overall information security drive
- Crossing bridges and getting along with department stakeholders to maintain a healthy security posture
Moreover, they will need to analyze how to best manage a budget for these activities while keeping a diligent watch over indirect expenses like hardware costs, freelancer contracts and potential incidentals that occur during an implementation cycle. They can be even asked to audit the controls and policies the ISO put in place, as well as make their benefits clearly visible to the aligned business units.
Security is an organization-wide problem and an organization-wide solution, so most of the infosec business manager’s responsibilities are about communicating best practices to all areas of a company.
Who Hires Information Security Business Managers?
One of the benefits of becoming an information security business manager is that there are career opportunities in almost every secure, from the oil and gas industry to the industry of health or filmmaking. That’s because most companies rely on an internal security team to run smooth operations. There’s also a portal for government-related cybersecurity positions that interested persons could apply to. However, running for a position in a government-operated organization often requires the applicant to get a security clearance.
Data from Indeed indicates that Intel, Boeing and General Motors are among the top companies recruiting information security professionals, so anyone interested in working as an information security business manager can start at these organizations’ career pages when searching for an opening. Finally, industries like healthcare and finance are trying to ramp up their information security awareness efforts, which should result in more job opportunities.
When researching what sectors are most in need of information security business managers, remember that various interconnected business units would need to be supervised and managed for security-related compliance and implementations. HR may also want their information security business manager to have basic knowledge of specific programming languages, and to be capable of showing real-life examples of how they helped the security team within an organization to accomplish a shared objective.
What Type of Work Environment Is Available to Information Security Business Managers?
A fresh information security business manager may begin in a relatively small organization, being indoors and trying to streamline security-related communications for all or most of the workday. Department heads will contact them for guidance and advice on how to conduct themselves in a state of crisis, implying that the environment can be unpredictable and stressful at times.
On the managerial front, the job entails carrying out security coordination and planning that will safeguard an organization’s mission-critical information from unauthorized access, deliberate attacks, theft and corruption. Hence, being organized, detailed-oriented and capable of identifying what might cause things to go awry are some of the essential characteristics HR managers expect information security business managers to have.
The role may also involve occasional travels to offsite locations to coordinate security plans with remote employees. This background work is necessary for helping an organization identify its existing security infrastructure and determine what kind of policies must be designed for achieving business security goals and compliance.
What Are the Requirements for the Position?
Candidates applying for the position of information security business manager need to have business acumen and well-developed IT knowledge. More experienced applicants could directly progress to dealing with more complex information security issues and begin to liaise with a team of security experts with important business units such as finance, to implement new, robust plans or bolster current security measures.
Employers also request an MBA and a bachelor’s degree in a computer field, plus work experience involving security in a significant way. Sometimes, however, lengthy work experience in an information science role that doesn’t have a direct link with security will be sufficient. The hiring criteria differs from one company to another.
Aspiring information security business managers should focus on developing a portfolio of security skills. If they don’t have a computer-related education, they can get a Linux/Unix certification. Completion of specialized certifications like CISA, CISSP, CISM and so on would come off as an additional advantage during the job search and position interviews. Additionally, a membership with a recognized organization may create valuable relationship-building opportunities.
Many of the recent data breaches have highlighted how necessary it is for companies of all sizes to have people on their security teams who can keep internal units aligned and provide more insight about emerging security issues within the organization. Use the information discussed above to gain a clear understanding of the dynamics of the information security business manager role in addition to the rate of technology change taking place. It will help in analyzing the current requirements for the role, as well as identifying positions where management abilities and positions are regarded more than a candidate’s technical competencies.
- OPM Launches New Cyber Careers Website, OPM.gov
- Top 10 companies hiring cybersecurity professionals, TechRepublic