Job Descriptions

Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.

Chief Information Security Officer (CISO)

OVERSEE & GOVERN

Job Description

Other Titles Include:

  • Chief Security Officer
  • Departmental Security Officer
  • Information Security Director

Note: depending on the size of the organization and the reliance on information technology, this occupational role may be subsumed within the responsibilities of the Chief Information Officer, Chief Technology Officer, Chief Resiliency Officer or similar role.

Reporting relationship

  • President or Chief Executive Officer
  • Board of Directors
  • Chief Technology Officer
  • Chief Information Officer

Job purpose / summary

An executive-level role with accountability and responsibility for the digital/information security activities of the organization. This includes overseeing and managing strategy development and implementation for cybersecurity operations, along with the budget and resources that support protection of enterprise information assets, and managing that program. Employed throughout the public and private sectors.

Duties and responsibilities

  • Collaborate with key stakeholders to establish an effective cybersecurity risk management program.
  • Ensure compliance with the changing laws and applicable regulations
  • Develop and implement strategic plans that are aligned to the organizational objectives and security requirements
  • Direct and approve the design of cybersecurity systems
  • Identify, acquire and oversee management of financial, technical and personnel resources required to support cybersecurity objectives
  • Advise other senior management on cybersecurity programs, policies, processes, systems, and elements
  • Review, approve, oversee monitoring of cybersecurity policies and controls
  • Ensure incident response, disaster recovery and business continuity plans are in place and tested
  • Draft terms of reference, oversee and review cybersecurity investigations
  • Maintain a current understanding of the IT threat landscape for the business context
  • Schedule and oversee security assessments and audits
  • Oversee and manage vendor relations related to acquired IT security products and services
  • Ensure security requirements are identified for all IT systems throughout their life cycle.
  • Provide training and mentoring to security team members
  • Supervise or manage protective or corrective measures when a cybersecurity incident or vulnerability is discovered.

Competencies

Underpinning this occupation are the competencies demonstrated at an executive level, which include those identified within the US NICE Cybersecurity Workforce Framework.

Basic application of the following KSAs:

  • Integrated/organizational security concepts, principles and practice (software, system, data, physical and personnel) 
  • Preventative technical, operational and management controls available and organizational responsibilities for those controls
  • Sector/context relevant threats, business needs and technical infrastructure
  • Required to support project management and security requirements throughout the project life-cycle

Advanced application of the following KSAs:

  • Organizational threats and vulnerabilities including:
    • Cybersecurity threat landscape
    • Vulnerability management requirements and the range of potential mitigations available when a vulnerability management protocol does not exist
    • Organizational security infrastructure including protective and defensive systems
  • Developing, implementing and allocating resources, personnel and technology to address organizational security objectives.
  • Identifying requirements for and developing cybersecurity and cybersecurity risk management policies and procedures.
  • Supplier management (if IT or security services are outsourced)
  • Organizational communications, public communications and communicating during a crisis.
  • Cybersecurity program management, measures and monitoring

Tools and Technologies

  • Strategic and business plans
  • Threat and risk assessments
  • Vulnerability management processes and vulnerability assessments
  • Incident management processes and procedures
  • Security event and incident management systems and/or incident reporting systems and networks
  • Cybersecurity risk management processes & policies
  • Privacy and security legislation
  • Organizational security infrastructure and reporting systems

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Reporting relationship

To be completed by the user of this job description as appropriate

Qualifications

Education. Bachelor’s degree in computer science or related discipline or equivalent training and experience. 

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. Significant (5-10 years) experience in IT domain with 3-5 years’ experience in cybersecurity management roles.

As an executive-level position, the pathway also includes competency development including training, education and experience outside of the technical field. Role-based training to support senior-level management of security is preferred.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.