Author: Jeremy Bergsman / Source: cebglobal.com
High demand and a limited pool of people with the right skills and experience make information security staffing a perennial challenge.
Further complicating things is the fact that information security teams have not yet adapted to their changing role in digitizing companies. Digitization requires security staff to play a more diverse range of roles to meet a wider spectrum of demand from the rest of the firm.
In this new digital age, an organization’s success or failure will depend on its ability to take smart risks with new technologies. Thus, having the right kind of security staff not only protects organizations’ most valuable assets in such a threat-filled environment but also helps with the implementation of business strategies and, ultimately, enables growth.
As innovation and security become increasingly linked, senior IT managers must change how they hire and develop information security staff. Job titles and spans of responsibilities will vary, but focusing on the critical role requirements will help determine whether to change existing security roles or add completely new ones. So far, CEB analysis shows 10 new roles that are starting to emerge in companies around the world.
Product security specialists/managers
Context: As more and more industries embrace digitization in the form of internet-connected products and services, incorporating the right security controls is essential to meeting external customer needs and regulatory requirements, as well as avoiding costly data breaches.
Key responsibilities: Design security for the company’s products and services by supporting product teams in the R&D phase and stewarding security capabilities in customer-facing products and services. In certain industries, this role may take the shape of designing and maintaining security for operational technology and related areas (e.g., SCADA systems and telephony).
Skills profile: This role requires a blend of traditional security skills with non-traditional skills such as customer experience, financial analyses, market research, project management, and product development.
Sales and customer support
Context: Sales professionals aren’t typically equipped to handle clients’ growing data security and privacy concerns, which results in extended sales cycle times and client dissatisfaction.
Key responsibilities: Explain your company’s security efforts to clients, build or modify controls in response to client needs, or otherwise support the sales process. At times, this may extend to dedicated security support for small clients and end customers to improve goodwill.
Skills profile: This role requires a good understanding of the security processes and the sales lifecycle, along with excellent communication skills.
Security service manager
Context: The shift of the IT operating model to a product-focused approach has led a rising number of executive teams to mull over whether to sell information security services. In this model, Security creates simplified self-service risk management processes with consultative support for high-risk activities.
Key responsibilities: Ensure the end-to-end delivery of security as a service to the rest of the business.
Skills profile: Running a service, whether it is a traditional IT service or security, is like running a business, so security service managers need a mix of entrepreneurship, business savvy, and communication and marketing competencies.
Security marketing and communications manager
Context: As the pace of change in attack methods increases, security’s tools will always lag behind, which means employees’ behavior is more important now than ever.
Cybersecurity’s rising prominence in the organization also means that CIOs and CISOs are almost permanently discussing security efforts and priorities with a diverse range of colleagues and people outside the firm. All of this means that far more support is required for creating presentation materials with clear, concise messages.
Key responsibilities: Increasing security’s brand and driving awareness throughout the organization.