ICT resilience manager

ICT resilience managers research, plan and develop models, policies, methods, techniques and tools that enhance an organisation’s cyber security, resilience and disaster recovery.

The following job titles also refer to ICT resilience manager:

vulnerability manager
manager for vulnerability
manager for IT resilience
IT resilience manager
ICT resilience managers
disaster recovery manager
manager for disaster recovery

Bachelor’s degree is generally required to work as ICT resilience manager. However, this requirement may differ in some countries.

ISCO skill level is defined as a function of the complexity and range of tasks and duties to be performed in an occupation. It is measured on a scale from 1 to 4, with 1 the lowest level and 4 the highest, by considering:

• the nature of the work performed in an occupation in relation to the characteristic tasks and duties
• the level of formal education required for competent performance of the tasks and duties involved and
• the amount of informal on-the-job training and/or previous experience in a related occupation required for competent performance of these tasks and duties.

ICT resilience manager is a Skill level 4 occupation.

These occupations, although different, require a lot of knowledge and skills similar to ICT resilience manager.

ICT disaster recovery analyst
ICT security manager
telecommunications manager
ICT operations manager
ICT security consultant

These occupations require some skills and knowledge of ICT resilience manager. They also require other skills and knowledge, but at a higher ISCO skill level, meaning these occupations are accessible from a position of ICT resilience manager with a significant experience and/or extensive training.

This knowledge should be acquired through learning to fulfill the role of ICT resilience manager.

Internal risk management policy: The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.
System backup best practice: The procedures related to preparing for recovery or continuation of technology infrastructure vital to an organisation.
Organisational resilience: The strategies, methods and techniques that increase the organisation’s capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.
Cyber security: The methods that protect ICT systems, networks, computers, devices, services, digital information and people against illegal or unauthorised use.
Ict recovery techniques: The techniques for recovering hardware or software components and data, after failure, corruption or damage.

These skills are necessary for the role of ICT resilience manager.

Manage it security compliances: Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
Manage system security: Analyse the critical assets of a company and identify weaknesses and vulnerabilities that lead to intrusion or attack. Apply security detection techniques. Understand cyber attack techniques and implement effective countermeasures.
Develop information security strategy: Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.
Comply with legal regulations: Ensure you are properly informed of the legal regulations that govern a specific activity and adhere to its rules, policies and laws.
Analyse business processes: Study the contribution of the work processes to the business goals and monitor their efficiency and productivity.
Manage disaster recovery plans: Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.
Implement ict risk management: Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company’s risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.
Execute ict audits: Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.
Analyse the context of an organisation: Study the external and internal environment of an organisation by identifying its strengths and weaknesses in order to provide a base for company strategies and further planning.
Lead disaster recovery exercises: Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.
Perform security vulnerability assessments: Execute types of security testing, such as network penetration testing, wireless testing, code reviews, wireless and/or firewall assessments in accordance with industry-accepted methods and protocols to identify and analyse potential vulnerabilities.
Develop contingency plans for emergencies: Compose procedures outlining specific actions to be taken in the event of an emergency, taking into account all the risks and dangers that could be involved, ensuring that the plans comply with safety legislation and represent the safest course of action.
Implement ict recovery system: Create, manage and implement ICT system recovery plan in case of crisis in order to retrieve information and reacquire use of the system.
Identify ict security risks: Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

This knowledge is sometimes, but not always, required for the role of ICT resilience manager. However, mastering this knowledge allows you to have more opportunities for career development.

Ict network security risks: The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the consequences of security threats and contingency plans for each security risk factor.
Human-computer interaction: The study of the behaviour and interaction between digital devices and human beings.
Business process modelling: The tools, methods and notations such as Business Process Model and Notation (BPMN) and Business Process Execution Language (BPEL), used to describe and analyse the characteristics of a business process and model its further development.
Ict system user requirements: The process intended to match user and organisation’s needs with system components and services, by taking into consideration the available technologies and the techniques required to elicit and specify requirements, interrogating users to establish symptoms of problem and analysing symptoms.
Ict process quality models: The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in a lot of ICT areas.

These skills and competences are sometimes, but not always, required for the role of ICT resilience manager. However, mastering these skills and competences allows you to have more opportunities for career development.

Manage budgets: Plan, monitor and report on the budget.
Advise on strengthening security: Provide information and guidance to clients on how to prevent security threats and incidents.
Define security policies: Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and data-access constraints.
Provide cost benefit analysis reports: Prepare, compile and communicate reports with broken down cost analysis on the proposal and budget plans of the company. Analyse the financial or social costs and benefits of a project or investment in advance over a given period of time.
Apply procurement: Undertake ordering of services, equipment, goods or ingredients, compare costs and check the quality to ensure optimal payoff for the organisation.
Coordinate technological activities: Give instructions to colleagues and other cooperating parties in order to reach the desired outcome of a technological project or achieve set goals within an organisation dealing with technology.
Analyse business requirements: Study clients’ needs and expectations for a product or service in order to identify and resolve inconsistencies and possible disagreements of involved stakeholders.
Perform project management: Manage and plan various resources, such as human resources, budget, deadline, results, and quality necessary for a specific project, and monitor the project’s progress in order to achieve a specific goal within a set time and budget.
Build business relationships: Establish a positive, long-term relationship between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its objectives.
Train employees: Lead and guide employees through a process in which they are taught the necessary skills for the perspective job. Organise activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.

2529 – Database and network professionals not elsewhere classified

 

 

---

 

 

References

1. ICT resilience manager – ESCO