Difference between information security manager and IT security manager?

chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
Much of a difference between the two or does it depend on the company your working for? Just wondered as in my workplace the goalposts
seem to shift quite often when patch mgmt, vuln mgmt, pen testing etc comes up. What responsibilities would you say should sit within each role?

Also for anyone in these roles currently what are you covering on a daily basis for above roles?



  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    eddo1 wrote: »
    or does it depend on the company your working for?
    This is pretty much the answer with all titles between companies, it just depends on the company, especially with something as close as that. If you have both at your company I could see the infosec one being more policy and testing and the IT one being more patching, firewalls, IDS, but again, everyone will be different.
  • SoCalGuy858SoCalGuy858 Member Posts: 150 ■■■□□□□□□□
    Purely a difference in the mindset of whomever created the position at the time. There is no set standard at any level. I've seen IT Risk and Compliance Associates who were some of the most highly technical SOC experts, while I've also seen Senior Network Security Engineers who were purely non-engineer, paper-pushing, box-checking types... and didn't know their way around a firewall to save their life.

    Apply the same concept to titles and seniority levels. All companies are different. The true understanding of a job lies in its description, and even then, you can't be too sure!
    LinkedIn - Just mention you're from TE!
  • chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    yeah i thought as much each company to their own, im not sure though if that makes it easier or more difficult moving on to another job?
    what do you think?
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    experience matters. when someone applies for a job i usually don't give much credit to the job title they're coming from as much as what kind of knowledge/experience/passion they're bringing with them
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    I had a job that called me their ISSO, which I guess technically is true, but pretty misleading on what my duties were. Job titles don't mean anything.
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    Technically, there is a difference between IT Security and Information Security. "Information Security" encompasses things outside the scope of IT, such as the handling, storage and transit of information. These things could be done by IT, not not 100% of the time.
    In practice, it's a blurry line. I'm sure someone with the job title of "IT Security Manager" might be called on to look at issues that may/may not be purely IT. It really depends on the organization & the role. Titles are just bullsh!t half the time.
Sign In or Register to comment.