Security Analyst

Staffing a comprehensive information security team requires a blend of skills to perform the various functions. For smaller companies, a full-time employee for each may not be required. These functions and skills can be grouped into three main levels.

  1. Strategic Leadership - this is the office of the CISO, responsible for setting strategy, agreeing on a budget for information security, and reporting to the executive staff on risk metrics and progress against plan. There are also those special customers who are, or will be, strategic relationships for the organization and may need that special hug of reassurance from a CISO who can talk to them at their level.

  2. Tactical Leadership - this is often a position such as "principal security analyst," supervising the operation of the information security team, the performance of procedures, and the effectiveness of controls. These are the people whose opinions are trusted on a day-to-day basis without having to escalate every issue. They perform risk assessments, participate in customer calls, perform audits and reviews, and often deliver security training to staff, especially developers. This is your powerhouse for developing procedures and policies that will make routine operations run smoothly.

  3. Security Analysts - here, the rubber meets the road: crawling through data from a myriad of sources and investigating alerts, filling out customer questionnaires, performing vendor risk management and vulnerability management, and generally monitoring controls and compliance.
