Careers Career Paths Jobs in Tech: Information Systems Security Manager Print xavierarnau/Getty Images Career Paths Technology Careers Sports Careers Sales Project Management Professional Writer Music Careers Media Legal Careers US Military Careers Government Careers Finance Careers Fiction Writing Careers Entertainment Careers Criminology Careers Book Publishing Aviation Animal Careers Advertising Learn More Table of Contents Expand General Job Responsibilities The Big Picture—Designing a Security Policy Day-To-Day Operations Required Knowledge and Skills Experience, Training, and Certification By Patricia Pickett Patricia Pickett Patricia Pickett is a communications coordinator at Ontario Tech University and has been writing about technology and business since 2000. Learn about our Editorial Process Updated on 10/10/19 Large IT security departments will typically employ an Information System Security Manager who fills a supervisory role, shouldering management and training responsibilities for the rest of the security staff. Lean what to expect in this career. General Job Responsibilities While, as with most careers, specific duties vary based on the company who employs you, the ISSM's overall responsibilities are to: Manage the implementation and development of an organization's IT securityMake sure security policies, standards and procedures are established and enforcedCoordinate information security inspections, tests, and reviewsOversee an in-house security team (as well as workers who telecommute, if applicable) Also called IT security managers, people in this career generally work full-time in an office setting. Overtime hours are more probable than with some other jobs, as the security team will typically work on a problem or threat until it is resolved, rather than clocking out at 5:00 pm. The Big Picture—Designing a Security Policy To design a security policy, the Information Systems Security Manager will likely gather and organize technical information about the company's mission, goals, and needs, as well as its existing security products and its ongoing programs and activities. He will also conduct risk analyses and assessments and then make sure there are solutions in place to mitigate those risks. This background work goes toward creating the organization's information security plans and policies. The Information Systems Security Manager helps identify the organization's current security infrastructure and define what kind of security must be designed and implemented in order to meet the organization's requirements. Then the manager oversees the rest of the security team members as they design and implement the solutions according to security requirements. Day-To-Day Operations Information Systems Security Managers provide guidance when it comes to analyzing and evaluating networks and security vulnerabilities, and managing security systems such as anti-virus, firewalls, patch management, intrusion detection, and encryption on a daily basis. The Information Systems Security Manager may be required to interact with and advise the organization's non-technical employees, such as during staff meetings, teleconferences, or other situations in which security issues need to be addressed. In the event of system disasters resulting in data loss, security managers are responsible for assisting with data recovery. Required Knowledge and Skills An Information Systems Security Manager will typically require knowledge of several areas, including: Security tools and programs that are currently availableBusiness security practices and proceduresHardware/software security implementationEncryption techniques/toolsVarious communication protocol Applicants should also possess good decision-making and analytical skills and be able to pass background checks. Experience, Training, and Certification While there is a wide range of requirements and the ones you need will depend on the organization, it’s not an easy job to get and not accessible to entry-level applicants. Some Information Systems Security Manager postings indicate that you need a Bachelor's degree in a related computer field plus up to nine years of experience. You may be able to land this position without a degree, although an employer may ask for more years of experience in lieu of the desired university degree. Your work experience should ideally involve security in a major way, and management/leadership skills are a bonus. Sometimes, a strong history in a non-security information science job will be sufficient. The following certifications may also be required: MCSE: SecurityUnix/Linux Certification Aspiring IT security managers should focus on building up a strong portfolio of security skills. If you are still in school, tailor your course choices to develop these skills. Otherwise, get basic training and a certification or two, then apply to entry-level security positions and work your way up. Note: Updates to this article have been made by Laurence Bradford.