Information Security Engineer Job Description
As high technology and means of communication develop, information protection takes on one of the primary roles in all spheres of life. This explains the demand for specialists who can analyze possible risks of information leakage and develop comprehensive measures to improve and increase the safety of confidential information.
Let's look at the qualification requirements that employees responsible for protecting information must meet, and at what should be documented for the personnel responsible for the safety of important information.
The legal basis for the establishment of job requirements
Neither commercial structures nor departmental institutions, given the need to ensure the integrity and confidentiality of data, can do without employees whose job responsibilities include protecting information.
Labor legislation does not require special rules regulating the actions of such workers to be drawn up. The duties of a specialist who must ensure the security of information systems, including the installation and maintenance of technical means of protection, can be stipulated in the employment contract concluded upon hiring.
The employer can determine the procedure for the development, amendment and approval of internal requirements for specialists in a separate document.
Qualification characteristics of specialists designed to ensure the protection of information
Employees whose functions are to ensure the safety of information and to improve and increase the level of its security must meet certain requirements established by the unified qualification reference book. The document was approved by the Order of the Ministry of Health and Social Development No. 205 of 22.04.2009.
The selection of specialists is carried out according to the following criteria:
- a certain level of professional training of the candidate for the position, completion of refresher courses, practical work experience in the specialty;
- knowledge of legislative and legal norms, interdepartmental and local regulations, other documents regulating the procedure for performing work duties, establishing the degree of accessibility of information.
The duties of a specialist in ensuring the safety and integrity of confidential information, as determined by the qualification characteristics, usually serve as the basis for developing a list of powers and responsibilities.
Responsibilities for protecting information and improving the system that keeps it safe at different levels can be distributed among several employees, specifying which type of information each specialist is responsible for.
In this case, one must take into account:
- the specifics of the field of activity;
- features of management, organization of production;
- technical equipment;
- types of information used.
Basic requirements for candidates for the position of information security engineer
A candidate who has graduated from a higher educational institution with a specialized education and who knows the basics of technologies that ensure information security will be accepted for an existing vacancy even without work experience.
However, specialists with secondary vocational education can also apply for this position.
They are subject to additional requirements:
- at least 3 years of work experience as a 1st category technician;
- 5 years of experience replacing specialists in similar positions, if work duties included software maintenance, development, implementation of software testing systems and other actions to preserve confidential information.
The principle of developing local legal acts
Since the law does not establish a mandatory requirement to have special rules for internal use, there is no unified form for drawing them up.
The instruction is developed taking into account the qualification requirements for a specialist in the field of information security and legislative and legal norms. The document is coordinated with the trade union body (if there is one in the organization) and the legal service.
As a rule, the document is divided into several sections.
General Provisions. The first part determines the level of education and the work experience required for appointment to the position, what a specialist should know, and which regulatory acts should guide the specialist's work.
These include, for example:
- a list of regulatory and methodological materials related to technical means to ensure the safety of data, taking into account the scope of the organization;
- the procedure for drawing up technical documentation on the use of methods for processing and transferring information, using software and mathematical tools that ensure the protection of classified data;
- rules governing the procedure for carrying out special work.
The next section specifies the main job responsibilities of a specialist, which include, for example, monitoring the functioning of the information system and analyzing threats to it.
The final section covers the rights and obligations of the parties.
To make it possible to prosecute an unscrupulous employee through whose fault information became available to unauthorized persons or was destroyed, the employee must be familiarized with their professional duties against signature.
Competent specialists who have the necessary knowledge, keep raising their qualifications, and can assess possible risks and take measures to protect data are always in demand in the labor market.