       

IT Security Sub-Profession Map
Security Job Titles Involved within the World of IT Security
Several job titles exist within the world of IT security. Some of them
sit outside the IT department, as described below:

General Manager (CEO / GM)
Responsible for the business results, including business threats, of
which IT security is a part.

IT Manager (Chief Information Officer - CIO)
Responsible for all the IT tasks, including the IT security technical
and managerial roles and activities regarding the IT department.

IT Technical Security Architecture & Coordinator
Reports to the CIO and is responsible for all the technical security
activities: designing and implementing the network, helping the specific
tool operators and the operating system operators to perform their
security roles properly, and coordinating between them and the other
parts of the organization and the IT division.

Chief Security Officer - CSO
Views security from a business perspective and has to ensure that the
business is not disrupted in any way due to security breaches or threats.
Many organizations are deputing a separate executive to manage security.
The CSO reports directly to the CEO because of a potential conflict of
interest with the CIO.

Responsible for auditing how other job holders function, to ensure that
it fits and is appropriate to the company policy and procedures,
including how the job holders keep the company assets safe.

- It is becoming more and more common for the CSO to report
directly to the CEO. Otherwise, if the CSO reports
to the CIO, how can he really control the IT division?
- On the other hand, if the technical security activities
"belong" to a CSO who does not report
to the CIO, how can the CIO operate the security
activities within his division?
- In the IT division, it is common to find an Infrastructure
department, a Development department and some more
departments like Support and so on.
- It is also common for the Infrastructure department
to be divided into "Communication & Networking"
(LAN, WAN, WEB etc.) on one hand, and "Operating
Systems" (Windows, Linux etc.) on the other hand.
- In order to solve the conflict of interest, it is
recommended that the CIO operate the technical
security professionals in his division through his Technical
Security Architecture & Coordinator, and that the
CSO have the inspection power to control how
he acts regarding the IT security policies and procedures.
Suggested Security Job Titles Hierarchy
