Difference between information security manager and IT security manager?

chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
in IT Jobs / Degrees
Much of a difference between the two or does it depend on the company your working for? Just wondered as in my workplace the goalposts
seem to shift quite often when patch mgmt, vuln mgmt, pen testing etc comes up. What responsibilities would you say should sit within each role?

Also for anyone in these roles currently what are you covering on a daily basis for above roles?

Cheers
· Share on FacebookShare on Twitter

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    eddo1 wrote: »
    or does it depend on the company your working for?
    This is pretty much the answer with all titles between companies, it just depends on the company, especially with something as close as that. If you have both at your company I could see the infosec one being more policy and testing and the IT one being more patching, firewalls, IDS, but again, everyone will be different.
    · Share on FacebookShare on Twitter
  • SoCalGuy858SoCalGuy858 Member Posts: 150 ■■■□□□□□□□
    Purely a difference in the mindset of whomever created the position at the time. There is no set standard at any level. I've seen IT Risk and Compliance Associates who were some of the most highly technical SOC experts, while I've also seen Senior Network Security Engineers who were purely non-engineer, paper-pushing, box-checking types... and didn't know their way around a firewall to save their life.

    Apply the same concept to titles and seniority levels. All companies are different. The true understanding of a job lies in its description, and even then, you can't be too sure!
    LinkedIn - Just mention you're from TE!
    · Share on FacebookShare on Twitter
  • chickenlicken09chickenlicken09 Member Posts: 537 ■■■■□□□□□□
    yeah i thought as much each company to their own, im not sure though if that makes it easier or more difficult moving on to another job?
    what do you think?
    · Share on FacebookShare on Twitter
  • 636-555-3226636-555-3226 Member Posts: 975 ■■■■■□□□□□
    experience matters. when someone applies for a job i usually don't give much credit to the job title they're coming from as much as what kind of knowledge/experience/passion they're bringing with them
    · Share on FacebookShare on Twitter
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    I had a job that called me their ISSO, which I guess technically is true, but pretty misleading on what my duties were. Job titles don't mean anything.
    · Share on FacebookShare on Twitter
  • mbarrettmbarrett Member Posts: 397 ■■■□□□□□□□
    Technically, there is a difference between IT Security and Information Security. "Information Security" encompasses things outside the scope of IT, such as the handling, storage and transit of information. These things could be done by IT, not not 100% of the time.
    In practice, it's a blurry line. I'm sure someone with the job title of "IT Security Manager" might be called on to look at issues that may/may not be purely IT. It really depends on the organization & the role. Titles are just bullsh!t half the time.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.