<Summary>
In every security standard and local authority, InfoSec and Cybersecurity are the key elements in the governance level (e.g., SEC (registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance).
Thus the 3-core requirement is important to bring up a successful InfoSec and Cybersecurity to a company,
1. Governance and Strategy (Core Management level and CISO level)
2. Tactical, Planning and Analysis (InfoSec Level)
3. Technique and Operation (IT level)
In the InfoSec team, we’d need a member who understands both InfoSec and IT techniques.
The difference between an InfoSec technician and an IT technician is, that InfoSec is based on regulations/standards and is also familiar with IT technologies, so he/she has the ability to analyze/identify the technology flaws. The IT technicians are focused on IT solutions (equipment, OS, front-end software, etc.)
<Essential Duties and Responsibilities>
1. Analyze systems, security controls, and event logs to detect the nefarious activity of the company. Provide regular reports to the team on security incidents, risks, and the overall effectiveness of security measures.
2. Audit the company’s security controls to ensure they work correctly; Plan, document, and conduct complex audit assignments and projects.
3. Audit access throughout systems/applications and ensure access is at appropriate levels of the company.
4. Collaborate with/across teams and architects to ensure security compliance.
5. Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.
6. Contribute to the annual risk assessment and development of the audit plan for assigned businesses or corporate staff groups.
7. Develop skills for ISO committee members across teams. Conduct audit fieldwork in accordance with department, and company standards.
8. Provide consulting services to internal terms including all unit leaders and members.
