There are two distinct skill sets required for each position: one for the management opening and one for the technical/administrative opening. Generally, the security manager should have a wide security experiential range over many different security areas; managing and implementing data security controls; an in-depth knowledge/understanding of Internal, national and local legislation affecting information security; the ability to develop business plans, develop and implement policies, architecture and strategies; an understanding of the political environment and work within its confines; and the ability to manage people and projects. The security administrator would be responsible for the daily administration of user IDs, system controls, etc., and work primarily with the user community. There are several issues not indicated by your question. Are these start-up positions within an established organization? What would the mission of your department be? You would need to define the department's goals and objectives. How are your company's information assets protected now? Who performs the function currently? It sounds as though there is definite fragmentation and decentralization of security within your organization. Have there been any internal or external audits performed to assist you in this? When audit findings identify security deficiencies, there is an opportunity. Your biggest challenge is to convince your management that a dedicated security function is, indeed, necessary and to have them buy into that function. A selling point to management will probably be illustration that the function is necessary for due diligence and to meet their fiduciary/legal obligations. Depending upon what your industry is, there may also be PDD 63 Compliance and EU Directive issues.
Dig Deeper on Information security policies, procedures and guidelines
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.