ICT security consultant

Description

ICT security consultants advise and implement solutions to control access to data and programs. They promote a safe exchange of information.

Other titles

The following job titles also refer to ICT security consultant:

IT security expert
IT security consultant
ICT security consultants
information communications technology security consultant
consultant in ICT security activities
IT security advisor
ICT security advisor
information technology security consultant

Minimum qualifications

A bachelor’s degree is generally required to work as an ICT security consultant. However, this requirement may differ in some countries.

ISCO skill level

ISCO skill level is defined as a function of the complexity and range of tasks and duties to be performed in an occupation. It is measured on a scale from 1 to 4, with 1 the lowest level and 4 the highest, by considering:

  • the nature of the work performed in an occupation in relation to the characteristic tasks and duties
  • the level of formal education required for competent performance of the tasks and duties involved and
  • the amount of informal on-the-job training and/or previous experience in a related occupation required for competent performance of these tasks and duties.

ICT security consultant is a Skill level 4 occupation.

ICT security consultant career path

Similar occupations

These occupations, although different, require a lot of knowledge and skills similar to those of an ICT security consultant.

ICT consultant
ICT system integration consultant
ethical hacker
ICT security administrator
ICT security manager

Long term prospects

These occupations require some skills and knowledge of an ICT security consultant. They also require other skills and knowledge, but at a higher ISCO skill level, meaning these occupations are accessible from a position of ICT security consultant with significant experience and/or extensive training.

Essential knowledge and skills

Essential knowledge

This knowledge should be acquired through learning to fulfill the role of ICT security consultant.

Information security strategy: The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.
ICT security standards: The standards regarding ICT security such as ISO and the techniques required to ensure compliance of the organisation with them.
Cyber attack counter-measures: The strategies, techniques and tools that can be used to detect and avert malicious attacks against organisations’ information systems, infrastructures or networks.
ICT security legislation: The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.
Organisational resilience: The strategies, methods and techniques that increase the organisation’s capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.

Essential skills and competences

These skills are necessary for the role of ICT security consultant.

Manage IT security compliances: Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.
Perform risk analysis: Identify and assess factors that may jeopardise the success of a project or threaten the organisation’s functioning. Implement procedures to avoid or minimise their impact.
Keep up with the latest information systems solutions: Gather the latest information on existing information systems solutions which integrate software and hardware, as well as network components.
Provide ICT consulting advice: Advise on appropriate solutions in the field of ICT by selecting alternatives and optimising decisions while taking into account potential risks, benefits and overall impact to professional customers.
Develop information security strategy: Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.
Define security policies: Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and data-access constraints.
Keep task records: Organise and classify records of prepared reports and correspondence related to the performed work and progress records of tasks.
Report test findings: Report test results with a focus on findings and recommendations, differentiating results by levels of severity. Include relevant information from the test plan and outline the test methodologies, using metrics, tables, and visual methods to clarify where needed.
Manage disaster recovery plans: Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.
Implement ICT risk management: Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company’s risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.
Educate on data confidentiality: Share information with and instruct users in the risks involved with data, especially risks to the confidentiality, integrity, or availability of data. Educate them on how to ensure data protection.
Analyse ICT system: Study the activity and performance of information systems in order to model their usage and weaknesses, specify purpose, architecture and services and discover operations and procedures for accomplishing them most efficiently.
Execute ICT audits: Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.
Execute software tests: Perform tests to ensure that a software product will perform flawlessly under the specified customer requirements, using specialised software tools. Apply software testing techniques and tools in order to identify software defects (bugs) and malfunctions.
Monitor system performance: Measure system reliability and performance before, during and after component integration and during system operation and maintenance. Select and use performance monitoring tools and techniques, such as special software.
Define technical requirements: Specify technical properties of goods, materials, methods, processes, services, systems, software and functionalities by identifying and responding to the particular needs that are to be satisfied according to customer requirements.
Identify ICT system weaknesses: Analyse the system and network architecture, hardware and software components and data in order to identify weaknesses and vulnerability to intrusions or attacks.
Verify formal ICT specifications: Check capabilities, correctness and efficiency of intended algorithm or system to match certain formal specifications.
Identify ICT security risks: Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

Optional knowledge and skills

Optional knowledge

This knowledge is sometimes, but not always, required for the role of ICT security consultant. However, mastering this knowledge allows you to have more opportunities for career development.

Agile project management: The agile project management approach is a methodology for planning, managing and overseeing of ICT resources in order to meet specific goals and using project management ICT tools.
Internet governance: The principles, regulations, norms and programs that shape the evolution and use of internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.
Web application security threats: The attacks, vectors, emergent threats on websites, web applications and web services, the rankings of their severity identified by dedicated communities such as OWASP (Open Web Application Security Project).
ICT project management methodologies: The methodologies or models for planning, managing and overseeing of ICT resources in order to meet specific goals, such as Waterfall, Incremental, V-Model, Scrum or Agile, using project management ICT tools.
ICT encryption: The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Sockets Layer (SSL).
Process-based management: The process-based management approach is a methodology for planning, managing and overseeing of ICT resources in order to meet specific goals and using project management ICT tools.
Lean project management: The lean project management approach is a methodology for planning, managing and overseeing of ICT resources in order to meet specific goals and using project management ICT tools.
Copyright legislation: Legislation describing the protection of the rights of original authors over their work, and how others can use it.
Internet of things: The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).
ICT process quality models: The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in a lot of ICT areas.

Optional skills and competences

These skills and competences are sometimes, but not always, required for the role of ICT security consultant. However, mastering these skills and competences allows you to have more opportunities for career development.

Manage ICT change request process: Specify the incentive for an ICT change request, stating which adjustment in the system needs to be accomplished and execute or supervise the execution of it.
Manage changes in ICT system: Plan, realise and monitor system changes and upgrades. Maintain earlier system versions. Revert, if necessary, to a safe older system version.
Create project specifications: Define the workplan, duration, deliverables, resources and procedures a project has to follow to achieve its goals. Describe project goals, outcomes, results and implementation scenarios.
Provide user documentation: Develop and organise the distribution of structured documents to assist people using a particular product or system, such as written or visual information about an application system and how to use it.
Optimise choice of ICT solution: Select the appropriate solutions in the field of ICT while taking into account potential risks, benefits and overall impact.
Track key performance indicators: Identify the quantifiable measures that a company or industry uses to gauge or compare performance in terms of meeting their operational and strategic goals, using preset performance indicators.
Ensure proper document management: Guarantee that the tracking and recording standards and rules for document management are followed, such as ensuring that changes are identified, that documents remain readable and that obsoleted documents are not used.
Give live presentation: Deliver a speech or talk in which a new product, service, idea, or piece of work is demonstrated and explained to an audience.
Perform project management: Manage and plan various resources, such as human resources, budget, deadline, results, and quality necessary for a specific project, and monitor the project’s progress in order to achieve a specific goal within a set time and budget.
Lead disaster recovery exercises: Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.

ISCO group and title

2529 – Database and network professionals not elsewhere classified

References
  1. ICT security consultant – ESCO
Last updated on August 8, 2022