Free ISACA Guide Helps HR Hire Security Managers

Guide provides a comprehensive resource to help those hiring information security managers identify candidates who can meet the challenges

January 16, 2009

Rolling Meadows, IL, USA (12 January 2009)—As information security has matured into its own discipline, many new career opportunities have surfaced. To help hiring managers define these job positions and required skills, ISACA—a nonprofit association serving more than 86,000 information security, assurance and IT governance professionals in 160 countries—has published Defining Information Security Manager Position Requirements: Guidance for Executives and Managers, available as a complimentary download at

The guide provides a comprehensive resource to help those hiring information security managers identify candidates who can meet the challenges of the constantly evolving security profession and the myriad regulatory requirements, and who demonstrate business skills.

"Enterprises must recruit professionals with the appropriate skills to ensure that information assets are protected from unauthorized use, systems are available, and the continued integrity of information and processes is assured," said Jo Stewart-Rattray, chair of the ISACA Security Management Committee. "The ISACA guide serves to untangle the complexities of the information security management position and provide specific definitions of information security management responsibilities, knowledge and optimal reporting relationships."

Defining Information Security Manager Position Requirements: Guidance for Executives and Managers is intended to serve as a practical guide to defining career paths and essential attributes of the information security manager position for those involved with information security, including human resource professionals, information security professionals, executives, governing bodies, and boards of directors or trustees. It can be tailored to the specific requirements of an enterprise based on its size, scale, nature, resources, position level and complexity.

Due to the varied backgrounds of information security professionals, an essential element of this report is a diagram of the many pathways by which security professionals have entered and progressed in information security positions.

ISACA conducted extensive research to prepare the report, including a comprehensive global job task analysis survey of approximately 600 information security professionals holding the Certified Information Security Manager (CISM) designation, as well as a working group of information security executives, including more than 100 CISMs. ISACA also conducted the Information Security Career Progression Survey, which generated responses from more than 1,400 CISMs worldwide.

The CISM designation is issued by ISACA and is acknowledged by the International Organization for Standardization (ISO) as one of a select group of information security professional certifications receiving worldwide recognition.

About ISACA

With more than 86,000 constituents in more than 160 countries, ISACA ( is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 10,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.

About the IT Governance Institute

The IT Governance Institute (ITGI) ( is a nonprofit, independent research entity that provides guidance for the global business community on issues related to the governance of IT assets. ITGI was established by the nonprofit membership association ISACA in 1998 to help ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly managed, and IT performance is measured. ITGI developed Control Objectives for Information and related Technology (COBIT) and Val IT, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services.

Contact: Kristen Kessinger, +1.847.660.5512, [email protected]

Joanne Duffer, +1.847.660.5564, [email protected]
