IT Security Manager Responsibilities: Oversight, Reporting, Personnel Management

The role of IT security manager, information security manager, or cybersecurity manager will vary depending on a number of factors — industry, business size, network sophistication, and so on. However, a person in this role can expect to be held to some or all of the following information security manager responsibilities:

Taking ownership of security and risk management processes/policies

• Auditing and understanding existing policies and adjusting policies as needed to meet new threats
• Aligning company policies to existing cybersecurity frameworks (NIST, CIS, etc.)
• Conducting periodic policy/process assessments and updates

The first and most important responsibility of an IT security manager is taking ownership of existing risk management policies, understanding what processes are in place, and adjusting them to meet best practices. As a cybersecurity leader at your organization, you’re responsible for maintaining cybersecurity policy and ensuring that processes are adequate for the current threat landscape.

Cybersecurity strategy

• Have a full understanding of the current threat landscape
• Identify risks to the business and recommend strategies to address those risks
• Develop long-term cybersecurity roadmap

IT security manager responsibilities include both protecting systems for today and anticipating tomorrow’s threats. The protections you have in place now may leave you exposed in only a few months time. A big part of staying ahead of IT security management in general comes down to staying informed about emerging threats and new trends in cyber crime.

Compliance management

• Understand all laws and regulations applicable in your state/country and industry
• Implement policies that will keep the organization compliant
• Coordinate regular internal and third-party compliance audits

Cybersecurity is increasingly a matter of public safety. Not surprisingly, a number of new laws are going on the books that are designed to regulate businesses that store customer data — CCPA in California and GDPR in the EU being two noteworthy examples. Part of an IT security manager’s job today involves understanding and implementing policies that are based on legal guidelines to ensure that all IT systems are both secure and compliant with the law.

Incident detection and management

• Analyze information systems using packet analysis tools, intrusion prevention software, forensics tools, and vulnerability assessment software
• Investigate and respond to security incidents
• Develop standardized documentation to create a record of breaches

It’s not always apparent when your network has been compromised. In a recent incident involving a Saudi petrochemical plant, cybercriminals had gained control of third-party devices a full two years before the attack was discovered, leaving vital protective systems exposed the whole time. Monitoring of network systems for intrusion is a full time job, one that involves ongoing updates to tools and tactics based on current threats in the ecosystem.

Business continuity/disaster recovery management

• Create a business continuity plan in the case of a data breach or cyber attack
• Coordinate cyber attack drills to rehearse plan
• Periodically review and update

80% of companies will experience some kind of critical security breach in 2019. IT security managers are responsible for having a plan in place for when the worst happens. Your responsibility includes developing a plan to conduct business during a cyberattack, and mitigate the worst effects during recovery. Everyone will be looking to you for guidance and leadership in the wake of a crisis.

Assessing internal cybersecurity

• Coordinating regular penetration tests, vulnerability scans, etc.
• Identify weaknesses in network protections and remediate
• Use security ratings to improve overall cybersecurity posture

Running penetration tests and vulnerability scans offer valuable insight into gaps and weaknesses in your cybersecurity defenses. IT security managers will be tasked with identifying and remediating deficiencies to ensure network systems can withstand a head-on cyber attack.

Managing cybersecurity hygiene/diligence

• Ongoing patch management
• General network hygiene (reviewing open ports, updating firewalls, etc.)
• Website/domain security hygiene (TLS/SSL, etc.)

Networks require ongoing work to stay up to date with best practices. That involves periodic updates to ports, patches, and domains to ensure that no easy access points are left exposed. As the IT security manager, scheduling ongoing maintenance (and putting tools in place to track when your network is exposed) is part of your job.

Third-party risk management

• Managing the third-party risk management (TPRM) program
• Sending cyber risk assessment questionnaires to third parties and reviewing responses
• Third-party site visits

Every third-party vendor in your network presents a potential risk. In fact, many of the biggest data breaches in recent years have originated in third-party software. Your cybersecurity is only as good as the security at your third-party vendors.

As the IT security manager, you’re tasked with managing a TPRM program, sending cyber risk questionnaires and keeping your vendors in check. You’ll also be in charge of finding software tools that can automate TPRM processes and alert you about high-risk vendors.

Technology selection/management

• Lead the planning, testing, tracking, remediation, and risk acceptance of existing and proposed technology
• Promote implementation of new technology, solutions and methods to improve business processes, quality, efficiency, effectiveness and value delivered to customers
• Conduct ongoing reviews of technology partners to weed out weak links

IT security managers will often be tasked with finding and implementing new technology and software to keep network protections up to speed with best practices. In many cases, the security manager will also need to make a case to other team leaders for directing investment to new technology solutions.

Personnel management

• Encourage the technical development of all team members
• Train technical and non-technical personnel on compliance requirements
• Assorted other managerial tasks and responsibilities

Not every part of the IT security manager’s job is technical. Personnel management is a vital part of running a successful IT department. As the manager, you’ll be tasked with hiring, providing support and training for junior team members, getting them up to speed with compliance requirements and best practices.

Reporting

• Regular reporting on cybersecurity to the CIO/CISO, if applicable
• Escalate issues of non-compliance, emerging risks, and risk tolerance breaches to appropriate leadership
• Provide data and metrics, such as security ratings, to illustrate progress as related to targets

Reporting current cybersecurity standing to executives can put the spotlight on emerging risks and compliance issues before they become a problem. Often, the IT security manager is tasked with providing C-suite IT leadership with the data and insight they need to effectively communicate technical subjects to non-technical leadership.

In short, IT security managers are saddled with a number of mission-critical responsibilities. To ease the burden, many cybersecurity managers rely on tools like Bitsight that automate internal systems monitoring, and keep an eye on the wider ecosystem to survey for threats.