Information Security Policy, Awareness and Compliance Manager
A generic role justification, job description and candidate specification
By Gary Hinson, October 2009
2 pages plus copyright notice
This is a template or model paper justifying a corporate position for someone to manage the organization’s information security policies, awareness and compliance activities. It briefly describes the key elements of such a job and outlines what are, in our opinion, the characteristics of an “ideal candidate”.
While we sincerely hope this is a useful straw man, it is of course a generic starting point that does not
necessarily reflect your specific job needs and/or the personal characteristics of your ideal applicant. Please take the time to reflect on the ideas we present and, if appropriate, blend them in with your particular
The paper was inspired by an item by Ron Woerner at Security Catalyst. We have reorganized and extended
Ron’s version by including the compliance aspect.
The paper can be downloaded as a small “read only” Adobe Acrobat PDF. Please contact us if you would
prefer the larger but more easily edited MS Word version.