Chief Information Security Officer

1. General characteristics of the profession

The person who manages the implementation of work on the integrated protection of information in the industry, in the enterprise.

2. Official duties

Participates in the development of technical policy and the determination of the prospects for the development of technical means of control, organizes the development and implementation of new technical and mathematical software protection, eliminating or significantly impeding unauthorized access to official information constituting official, state or commercial secrets. Participates in the review of technical specifications for product designs, research and development work to be protected, monitors the inclusion in them of the requirements of normative-technical and methodological documents on the protection of information and the implementation of these requirements. Prepares proposals for inclusion in the plans and work programs of organizational and engineering measures to protect information systems. Participates in the creation of secure information technologies that meet the requirements of comprehensive information protection. Organizes research in the field of improving information protection systems and improving their effectiveness. Performs the full range of (including particularly complex) work related to the control and protection of information, based on the developed programs and techniques. Organizes the collection and analysis of materials on possible channels of information leakage, including through technical channels, when conducting research and development related to the creation and production of special products (products) necessary to carry out work to ensure the protection of information. It provides coordination of organizational and technical measures, development of methodological and regulatory materials and the provision of necessary methodological assistance in information protection, assessment of technical and economic effectiveness of proposed and implemented organizational and technical solutions. Organizes the work on the collection and systematization of the necessary information about the objects to be protected and protected information, provides methodological guidance and control over the work on the assessment of the technical and economic level and the effectiveness of the information protection measures developed. He leads the work on the compilation of data on the need for technical and software and mathematical means of information protection, control equipment, preparation of applications for the manufacture of these tools, organizes their receipt and distribution between objects of protection. It contributes to the dissemination of best practices and the introduction of modern organizational and technical measures, means and ways to protect information in order to increase their efficiency. It provides control over compliance with the requirements of regulatory and technical documentation, compliance with the established procedure for the performance of work, as well as current legislation in deciding issues related to information security. Coordinates the activities of departments and information security specialists in the industry, enterprise, institution, organization.

3. Qualification requirements

Higher professional (technical) education and work experience in information protection.