The role of the IT Security manager is a recent one and many are grappling with how to define it. A decade or so ago, security was just a name and no special significance was attached to it. It is not the case today. Today, the IT Security manager is an important person in the organization.
These are some personal qualities that a successful security manager will possess:
An ideal IT Security manager will have a proper mix of education and experience to start with. The CISSP, CISA, CEH and other GIAC certifications are great to have. It is said that “Knowledge is power” and more the amount of information in this developing field the better it is for the professional.
Other advantageous tools to have in the personal arsenal might be a good amount of networking experience. Other must haves for the Security manager should be that she/he must definitely be technically very sound and knowledgeable in all aspects related to technology.
Additional traits to become a successful IT manager can be defined as follows:
- Must be able to lead the way. The first and foremost amongst the important qualities for an Information Security manager should be that he/she must be a charismatic leader. He/she must be able to able to lead the entire team with a broad vision on the long-term impact on the organization. Having a pleasant demeanor and always being a good listener are other crucial personal special traits necessary for a successful Security manager. Visioning the security scenario five years hence or ten years hence helps the planning process a little bit better.
- Enable management to understand Information Security issues. Since Information Security is still not considered a major component of today’s infrastructure, it is the duty of the IT Security manager to help the management understand the Information Security issues within an organization. If there is information, it must be protected. If there are physical assets, it must be protected.
The manager helps the top-level management understand the information security risks and how they correspond to the business risks of an organization. Communication skills are a key asset to the manager here and he/she will explain the risks to all levels of the management. Once the risks have been identified, appropriate countermeasures have to be devised. These countermeasures have to be devised in such a way that their cost is below the cost of the asset they are trying to protect.
- Information Security manager should be aligned with business objectives of an organization
Before creating information security controls, it is important for the manager to devise security controls aligning with the business objectives of an organization. The information security unit of an organization and the overall business of the organization have to work in tandem. Only when the business objectives and security objectives work together they will be able to protect the resources and assets of the organization.
- Information Security manager should be able to bridge the gap between upper management and peers. It is also important for the security manager to bridge the gap between the upper management and peers. While it is crucial for the security manager to emphasize the importance of security issues to upper management, the same has to be communicated to the peers. Prioritizing tasks, sticking to budgets and making sure appropriate security controls are implemented are also equally important for the security manager.
- The IT Security manager should make sure that all aspects of the Information security program are followed. Last but not the least security manager should make sure that security education is an ongoing program and it is continually updated. It is the security manager’s duty to ensure that an information security program is diligently followed. Failure to do will result in great losses to assets to the organization.
If all these tips seem to be a fairy list of qualities to have, then it is important for an ideal and successful Security manager to target the qualities that they do not possess and work on it. It is said that “Impossible is nothing” and working towards a goal with a firm objective will definitely bring success.