Job Descriptions
Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.
Information Systems Security Manager - Cybersecurity Operations
Skills
Job Description
Other titles include:
- Cyber Security Operations Manager (CSOC)
- Security Operations (SOC) Manager
- Cybersecurity Manager
- Information Systems Security Manager (Cybersecurity Operations)
Note: This role is most commonly found in large or medium-sized organizations.
Reporting relationship
To be completed by the user of this job description as appropriate.
Job purpose / summary
Plans, organizes, directs, controls and evaluates the activities of the cybersecurity operations centre within an organization. Employed throughout the public and private sectors.
Duties and responsibilities
- Lead and manage SOC personnel including hiring, training, staff development, performance management and conducting annual performance reviews
- Maintain currency in cybersecurity threat landscape and security technologies
- Develop and implement an integrated SOC program that meets legislative and organizational requirements
- Develop and publish SOC governance mechanisms (policies, procedures and guidance)
- Develop and implement a measurement and quality assurance program
- Monitor and report on SOC program effectiveness to senior management
- Monitor and manage relationships with security services and technologies providers
- Provide strategic assessments on threat landscape, SOC technology trends, and emerging security technologies
- Seek and interpret threat intelligence based on organizational risks
- Manage cybersecurity events and incidents within the SOC
- Provide reports, briefings and risk-based recommendations on routine and non-routine cybersecurity events and incidents including responding to organizational crises (e.g. business systems shut-downs).
- Lead and facilitate lessons learned, post-mortem and best practices activities on cybersecurity events and incidents
- Develop and oversee implementation of action plans in support of continuous improvement of cybersecurity posture
Tools and Technologies
- Incident management processes and procedures
- Defensive systems including firewalls, anti-virus software and systems, intrusion detection and protection systems, scanners and alarms
- Security event and incident management systems and/or incident reporting systems and networks,
- Authentication software and systems,
- Vulnerability management processes and vulnerability assessment systems including penetration testing if used
- Security services provided if applicable
Competencies
Underpinning this occupation are those competencies demonstrated for an activity manager as well as the Information Systems Security Manager within the US NICE Cybersecurity Workforce Framework. Specifically, this work requires:
Basic level of application of the following KSAs:
- Preventative technical, operational and management controls available and organizational responsibilities for those controls
Advanced level of application of the following KSAs
- Organizational threats and vulnerabilities including:
- Cybersecurity threat landscape and adapting SOC processes to meet the evolving threat
- Vulnerability management requirements and the range of potential mitigations available when a vulnerability management protocol does not exist
- Defensive systems management including:
- Firewalls, anti-virus, intrusion detection and protection systems
- Required manual and automated settings
- Monitoring, testing and maintenance requirements
- Developing, implementing, and managing:
- Incident management processes and policies
- Incident management responsibilities
- Incident monitoring and reporting practices in accordance with legislative requirements and organizational policies
- Post-incident analyses and reports
- Organizational lessons learned in support of continuous improvement
- Supplier management (if IT or security services are outsourced):
- Roles and responsibilities of security controls of supplied services
- Roles and responsibilities of supplier in incident management and reporting
- Incident monitoring, assessment and reporting requirements during the life-cycle of the contract
- Organizational responsibilities in response to a compromise/breach on the part of the supplier
- Managing supplier communications and relations during a crisis
- Advising on security requirements, policies, plans and activities
- Drafting and providing briefings and reports to different audience levels (users, managers, executives)
- Maintaining broader security situational awareness
- Self-awareness regarding knowledge, skills and abilities required to respond to business, threat and technical changes.
- Continuous learning to support currency in knowledge of emerging threats, technological innovations in security, and the changing cybersecurity landscape.
Direct reports (if appropriate)
To be completed by the user of this job description as appropriate
Qualifications
Education. Bachelor’s degree in computer science or related discipline or College diploma in IT field or equivalent training and experience.
Certifications.
To be completed by the user of this job description as appropriate
Other relevant qualifications.
To be completed by the user of this job description as appropriate
Key Attributes.
To be completed by the user of this job description as appropriate
Experience.
Significant (5-10 years) experience in IT domain with 3-5 years’ experience in cybersecurity operations or related domain.
Cybersecurity operations training with industry-level certification in related field (e.g. network security, incident handling, threat detection and mitigation, digital forensics).
Security operations team management training or equivalent development and experience.
Training on organization relevant tools and technology that support cybersecurity operations
Typically follows 5 to 10 years in related roles in IT operations or cybersecurity operations or similar employment. This role supports increasing management level responsibilities based on a solid technical foundation in cybersecurity operations or a related work role (e.g. vulnerability assessment & management, digital forensics, cybersecurity analysis).
Working conditions (if required)
If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.
Physical requirements (if appropriate)
If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.