Description
Implements information security policy.
Monitors and takes action against intrusion, fraud and security breaches or leaks.
Ensures that security risks are analysed and managed with respect to enterprise data and information.
Reviews security incidents, makes recommendations for security policy and strategy to ensure continuous improvement of security provision.
Levels
Level 2
Systematically scans the environment to identify and define vulnerabilities and threats.
Records and escalates non-compliance.
Level 3
Evaluates security management measures and indicators and decides whether they comply with information security policy.
Investigates and instigates remedial measures to address any security breaches.
Level 4
Provides leadership for the integrity, confidentiality and availability of data stored on information systems and complies with all legal requirements.
Knowledge
The organisation’s security management policy and its implications for engagement with customers, suppliers and subcontractors
The best practices and standards in information security management
The critical risks for information security management
The ICT internal audit approach
Security detection techniques, including mobile and digital
Cyber attack techniques and countermeasures for avoidance
Computer forensics
Skills
Document the information security management policy, linking it to business strategy
Analyse the company critical assets and identify weaknesses and vulnerability to intrusion or attack
Establish a risk management plan to feed and produce preventative action plans
Perform security audits
Apply monitoring and testing techniques
Establish the recovery plan
Implement the recovery plan in case of crisis
Roles with the E.8. Information Security Management competence