Information Security Policy, Awareness and Compliance Manager

A generic role justification, job description
and candidate specification

By Gary Hinson, October 2009

2 pages plus copyright notice

Description

This is a template or model paper justifying a corporate position for someone to manage the organization’s information security policies, awareness and compliance activities. It briefly describes the key elements of such a job and outlines the characteristics of an “ideal candidate”, in our opinion.

While we sincerely hope this is a useful straw man, it is of course a generic starting point that does not necessarily reflect your specific job needs and/or the personal characteristics of your ideal applicant. Please take the time to reflect on the ideas we present and, if appropriate, blend them in with your particular requirements.

Acknowledgement

The paper was inspired by an item by Ron Woerner at Security Catalyst. We have reorganized and extended Ron’s version by including the compliance aspect.

Download

The paper can be downloaded as a small “read only” Adobe Acrobat PDF . Please contact us if you would prefer the larger but more easily edited MS Word version.