Job Description: An IT security manager handles all aspects of IT security, creating and implementing corporate IT security practices and ensuring that employees follow those procedures. This position consists of securing Wi-Fi networks, handling offsite storage of backup tapes, establishing policies for lost laptops and much more. “It was a tough job and it’s gotten tougher,” says Andy Zaleta, partner and coleader of the technology practice in the Americas for executive search firm Battalia Winston International. “It has gotten down to being a huge job.”
Why You Need One: Businesses need a position dedicated to keeping sensitive and important data private. Recent publicized incidents of system hacks, stolen computers and missing CDs, all containing confidential records, demonstrate the need for this job. The vast amount of information corporate IT systems hold requires protection. “Security is just an overall important issue, period,” says Zaleta.
More Hot Jobs
Desired Skills: Five to seven years of IT security experience. Look for candidates with Certified Information Systems Security Professional qualifications. Zaleta sees businesses emphasizing college degrees less for this position. Some are content with an associate degree or military experience; others want workers with a four-year degree.
where to Look: Try the security divisions of large technology companies (Microsoft, IBM) as well as security companies (McAfee, Symantec). Federal intelligence agencies may also prove fertile recruiting ground. The RSA Security conferences, held in the U.S., Japan and Europe, can provide a chance to network with those interested in IT security.
What To Look For: IT security managers need to be aware of internal security threats (employee access to restricted documents), external threats (wireless router hacks), and ad hoc issues (leaving a laptop on a plane). They also must know countermeasures against those risks. Possible hires should be able to express their commitment to security programs, have experience with budgets and know their IT systems in detail. They should also understand that most fraudsters look to exploit the minute weaknesses no one considers. Communication skills are crucial given the need to convey security policies to employees and the possibility of board presentations on overall security preparedness.
Elimination Round: Candidates must be able to describe their current security system and how it is being upgraded. Some may be reluctant to share this. However, the question needs to be addressed to see if the person understands security risks.
Base Salary Range:
$125,000 to $150,000
Growing Your Own: An IT security training program is key to creating a successful in-house candidate, said Zaleta. This program should be coordinated with outside institutions that handle CISSP certifications. Senior management needs to commit to the training. Getting this support can prove challenging because training programs usually get chopped from the budget during spending cuts, Zaleta said. However, only with adequate training does one become fully versed in security issues.