As I am currently in the market for a new position, I am faced with how bad IT and security job descriptions are. A director-level position that is required to code! That's not right! I am just going to put this out there and see if others support the idea, and if enough people do, maybe ISC2 will consider it.
I would be interested to see ISC2 come out with a list of job descriptions and the tasks that should be expected of those positions. This can also be a tier list, which would be a good thing: if your company is this size, this applies, but as you get bigger, move to this model. Some level of standardization on titles and duties, I feel, would help greatly with the hiring confusion that exists.
On the very basic structure... wait, what, the CISO reports to the CIO or CFO... and the problems begin!
I think having kind of a basic org chart and task chart that can be referenced would go a long way.
Is it just me or do others feel my pain?
John-
Am surprised no one mentioned NIST's NICE framework (NATIONAL INITIATIVE FOR CYBERSECURITY EDUCATION) which combines an integrated ecosystem of cybersecurity education, training, and workforce development.
You can read it all here: https://www.nist.gov/itl/applied-cybersecurity/nice
It contains job descriptions and what the skillset and education are for each one.