Information Security Officer Job Descriptionposted by John Spacey, December 08, 2012
The Information Security Officer (ISO) has primary responsibility for security across an organization.
Develops and delivers a comprehensive information security and privacy program.
Ensures that the organization's information technology resources are appropriately protected from unauthorized destruction, alteration and access.
Prudently manages security to ensure that it's accomplished in a manner that's consistent with business strategy and execution.
Oversees security governance.
Develops and implements security strategy, policies and procedures.
Develops and maintains an organizational structure that identifies responsibilities and authority for information security across all IT services.
Develops and implements a security policy communication and training strategy.
Communicates regular security reports and metrics.
Actively advocates security awareness across the extended organization.
Audit & Compliance
Stays abreast of the latest information security and privacy laws, regulations and best practices.
Provides oversight and audit of security initiatives.
Provide security oversight and audit of IT projects and operations.
Complies with the law and adheres to the highest standards of ethical business conduct.
Stays abreast of the latest information security threats and vulnerabilities.
Develops and delivers a comprehensive information security risk assessment program.
Recommends and implements methods and tools to identify and manage vulnerabilities and threats.
Develops and delivers a comprehensive incident response system.
Provides oversight of incident response activities and manages incident communication to the organization.
Acts as a liaison with law enforcement agencies in their efforts to investigate any violation of information security and privacy laws.
How many zebras are there in the United States?|
Never hire an employee without this quick sanity check.|
A back-to-basics reality check: should you hire this project manager?|
Organizations shouldn't punish honest failure. Strategies, programs, projects, processes and objectives fail — even when everyone is giving their best.|