Responsibilities

Monitor organization’s networks for security breaches and investigate when one occurs

Use and maintain software, such as firewalls and data encryption programs, to protect sensitive information

Check for vulnerabilities in computer and network systems

Research the latest information technology (IT) security trends

Prepare reports that document general metrics, attempted attacks, and security breaches

Develop security standards and best practices for their organization

Recommend security enhancements to management or senior IT staff

Help computer users when they need to install or learn about new security products and procedures

Help in SOC 2 Certifications

Requirements and skills

Experience in risk, compliance and information security policy development.

Excellent organizational and communication skills (both oral and written).

Strong interpersonal skills and the ability to effectively communicate with a wide range of individuals and constituencies in a diverse community.

Knowledge of  IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI).

General knowledge of information security regulatory requirements and standards such as ISO 27001/2