Security risk management underpins everything we do as an industry. It drives strategy and security management at an overview level, whilst mandating granular details such as technical controls and configurations. Leading with policies and procedures, this function shapes the overall direction of an organisation’s approach to security.
Governance and compliance ensures the effective operational implementation of security strategies. Through assurance and assessment, it provides accountability for the real-world execution of an information security management system (ISMS). Risks and compliance gaps identified through audits are addressed and remediated.
Security intelligence provides analytics on the data produced by the events occurring within an organisation’s network. Through a combination of real-time monitoring and data analysis, a more contextual and accurate insight is provided on the threats and risks to the company. Such responsiveness means security operations are able to detect and manage incidents more effectively, whilst understanding the nature of the attacks and actors themselves.
Responsible for the development and management of technical infrastructure and controls that reinforce security strategy. Covering everything from architecture to implementation and configuration, technical security encompasses multiple domains such as networks, applications, middleware, and databases.
Often a 24/7/365 capability that is responsible for the ‘who, what, and how’ of security incidents, and is involved throughout the lifecycle of a breach. Using a range of data and intelligence feeds, teams must detect and handle events to minimise impact, whilst also often performing triage and evidence collection.
Provides technical expertise alongside sales processes, consulting on and mapping technology against business objectives. Works closely with prospects and clients to scope the solution/service, input into design, and cross the divide between technical and non-technical teams and stakeholders.
Sales & Marketing
The commercial arm of a vendor or consultancy/SI will work to build and implement sales and marketing strategies against broader business objectives. Roles often involve direct sales, but also encompass developing channel partner networks and inputting into product and service development.
Often positioned at board level, this is the strategic leadership of a business. Can vary across CISOs in end users, practice leads and partners in consultancies, and MD/CEO within vendors. Tasked with developing the roadmap the organisation will take either in its commercial objectives, or in ensuring appropriate security measures are in place.