Decision to move into Enterprise Security Governance?
There is a position that will be opening up over the next couple of weeks under the Information Security department, particularly under "Network Security Governance". From what I've gathered from the discussion I had with the hiring manager, this is what I understood it as:
- Reviewing and managing what's in the Firewall Request Queue - BAU and Project requests (e.g. teams requesting to have X communication flows opened for their project or troubleshooting an issue ad hoc)
- Being tagged to projects that require a Network Security Governance resource to ensure that what they're proposing for their project aligns with the Company's policy and risk tolerance from a network perspective; this can be short term or long term of a project
- Providing feedback on how to implement mitigating or compensating controls against the identified risk in the audit finding / vulnerability assessment on network i
- It's less of a technical role vs a business role but will still need a good grasp of the technology that you're dealing with i.e. NSX micro-segmentation
Have any of you folks been in a similar role (Enterprise Security Governance) and what did you think about it?
Context: I've been in my role for about a year and have my management's backing to head into the Cybersecurity/Information Security department, but I just want to make sure that I'm making an informed decision (whether to jump now or to wait a little for when a more technical role pops up). Obviously there would be a variety of factors involved, i.e. whether I would still like to trek down the technical path vs management or veer towards the business side of Information Security. But in all, I think I would like to deal with more of the technical vs the management side because I'm still early in my career. Thanks!