Author: Taylor Armerding / Source: CSO Online
Whatever the role, good communication regarding the duties and expectations of a security professional is key to that person’s success. That communication starts with a solid, thorough job description. It will be an important benchmark when hiring for the role, and a touch point for performance once the candidate is on board. The job description is also a baseline that helps security team managers keep pace as many roles evolve.
Any good job description will spell out the role’s duties and priorities. It also outlines where the role falls in the reporting structure. The job description might also provide the role’s requirements, which could include certifications, skills, experience and education. This series focuses on the duties and requirements, because the priorities and reporting structure will be unique to each company.
In the case of information security architects, the current overall description, while it can vary in the details by industry, is that of a senior-level employee responsible for planning, analyzing, designing, configuring, testing, implementing, maintaining and supporting an organization’s computer and network security infrastructure in a way that is responsive to changes in regulations and risk. This requires knowing the business – a comprehensive awareness of its technology and information needs – which is used to develop and test security structures to protect its systems.
The duties outline the tasks and goals for which the information security architect is responsible. These may vary depending on your company’s needs or industry. They include:
- Design, build and implement enterprise-class security systems for a production environment
- Align standards, frameworks and security with overall business and technology strategy
- Identify and communicate current and emerging security threats
- Design security architecture elements to mitigate threats as they emerge
- Create solutions that balance business requirements with information and cyber security requirements
- Identify security design gaps in existing and proposed architectures and recommend changes or enhancements
- Use current programming languages and technologies to write code, complete programming, and perform testing and debugging of applications
- Train users in implementation or conversion of systems
Skills and competencies
This section outlines the technical and general skills required, as well as any certificates or degrees that a company might expect an information security architect to have.
Key technical skills include:
Five or more years’ experience in:
- Security architecture, demonstrating solutions delivery, principles and emerging technologies – Designing and implementing security solutions. This includes continuous monitoring and making improvements to those solutions, working with an information security team.
- Consulting and engineering in the development and design of security best practices and implementation of solid security principles…