Job responsibilities and qualification requirements for managers and information security specialists. Job description of the leading specialist of the information security department Functional duties of an information security specialist

Monitoring and analysis of the state of the company's information technology protection systems, preparation of recommendations for their improvement;
development and implementation of policies and regulations to ensure the protection of information;
preparation and implementation of technical solutions for information security;
control of the technical condition of information security systems, timely elimination of emerging technical problems;
monitoring compliance by all categories of users with information security requirements;
advising and training employees on measures to ensure information security;
analysis of reports on cases of unauthorized access, development of methods to combat violations;
participation in information infrastructure modernization projects, equipment purchases.

Salary and requirements of employers

The average salary of an information security specialist in Moscow is 80,000 rubles, in St. Petersburg - 64,000 rubles, in Volgograd - 38,000 rubles, in Voronezh - 40,000 rubles, in Yekaterinburg - 51,000 rubles, in Kazan - 40,000 rubles, in Krasnoyarsk - 46,000 rubles, in Nizhny Novgorod - 44,000 rubles, in Novosibirsk - 50,000 rubles, in Omsk - 40,000 rubles, in Perm - 46,000 rubles, in Rostov -on-Don - 45,000 rubles, in Samara - 46,000 rubles, in Ufa - 40,000 rubles, in Chelyabinsk - 46,000 rubles.

Applicants with incomplete higher education, technical or IT, can apply for the position of an information security specialist. Candidates must know the legal framework, guidelines, state standards in the field of information security, as well as encryption standards, basic information security technologies, modern software and hardware information protection. Salary offers for specialists without work experience in this position in Moscow start from 35,000 rubles. , in St. Petersburg - from 28,000 rubles.

The second salary range is for information security specialists with at least 1 year of work experience. Applicants are also required to have skills in setting up and configuring modern information security solutions (firewalls, attack detection and prevention systems, etc.) and experience in information security auditing. Salary offers for applicants who meet the specified requirements in Moscow range from 50,000 to 70,000 rubles, in the city on the Neva - from 40,000 to 55,000 rubles.

Specialists in information security with higher education and work experience of more than 2 years are entitled to a higher salary. Also in demand is experience in developing regulations and security policies, experience in investigating external and internal incidents in the field of information security. Specialists with work experience of 2 years or more earn up to 100,000 rubles in Moscow. , in the Northern capital - up to 80,000 rubles.

Candidates with at least 3 years of experience as an information security specialist can count on the maximum income. Information security certification is required. It also requires experience in implementing information security systems in large corporate networks and experience in designing exclusive systems and methods for protecting information. The maximum salary for information security specialists in Moscow is 150,000 rubles. , in St. Petersburg - 120,000 rubles.

Applicant portrait

The majority of candidates for the position of an information security specialist are men (87%). Applicants under 30 years old - 60%. 93% of applicants have higher education. 14% of information security professionals are fluent in English.

Blog embed code

Information Security Specialist

In January 2016, the research center of the Superjob portal studied the offers of employers and the expectations of applicants for the position of "Information Security Specialist" in 15 cities of Russia. Read more...

Job description and job responsibilities of the chief information security specialist.

1. GENERAL PROVISIONS

1.1. This job description defines the functional duties, rights and
responsibility of the Chief Information Security Specialist of the enterprise (options: OJSC,
CJSC, LLC, institution, organization).
1.2. Chief Information Security Officer appointed and dismissed
from office in accordance with the procedure established by the current labor legislation by order
enterprise director.
1.3. The Chief Information Security Officer reports directly to the Director
enterprises (options: OJSC, CJSC, LLC, institutions, organizations).
1.4. A person is appointed to the position of Chief Information Security Officer,
having a higher professional (technical) education and work experience in defense
information.
1.5. The Chief Information Security Officer must know:
- legislative and regulatory legal acts on the state (service,
commercial) secret; regulatory and methodological materials on issues related to
ensuring the protection of information; development prospects, specialization and directions
activities of an institution, organization, enterprise (options: OJSC, CJSC, LLC, institutions,
organization) and its divisions; the nature of the interaction of departments in the process
economic activities of the enterprise (options: OJSC, CJSC, LLC, institutions, organizations)
and the procedure for passing official information; complex protection organization system
information valid at the enterprise (options: OJSC, CJSC, LLC, institution,
organizations); prospects and directions for the development of technical and software-mathematical
means of information protection; methods and means of control of protected information, detection
information leakage channels, organization of technical intelligence; planning methods and
organization of scientific research, development, performance of work on the protection
information; the procedure for concluding contracts for special studies and
checks, works on protection of technical means of transmission, processing, display and storage
information; domestic and foreign experience in the field of technical intelligence and protection
information; fundamentals of economics, organization of production, labor and management; rules and regulations
labor protection.
1.6.

We bring to your attention a typical example of a job description for a chief information security specialist, a sample of 2019. should include the following sections: general position, job responsibilities of the chief information security specialist, rights of the chief information security specialist, responsibility of the chief information security specialist.

Job description of the chief information security specialist belongs to the section Industry-wide qualification characteristics of the positions of employees employed at enterprises, institutions and organizations".

The job description of the chief information security officer should reflect the following items:

Responsibilities of the Chief Information Security Specialist

1) Job responsibilities. Manages the implementation of work on the comprehensive protection of information in the industry, enterprise, institution, organization, ensuring the effective application of all available organizational and engineering measures in order to protect information constituting a state secret. Participates in the development of technical policy and determination of the prospects for the development of technical means of control, organizes the development and implementation of new technical and software-mathematical means of protection that exclude or significantly impede unauthorized access to official information constituting a state or commercial secret. Participates in the review of technical specifications for product designs, research and development work to be protected, monitors the inclusion in them of the requirements of regulatory, technical and methodological documents on information protection and the fulfillment of these requirements. Prepares proposals for inclusion in the plans and work programs of organizational and engineering measures to protect information systems. Participates in the creation of secure information technologies that meet the requirements of comprehensive information protection. Organizes scientific research in the field of improving information security systems and increasing their efficiency. Performs the whole complex (including especially complex) of work related to the control and protection of information, based on the developed programs and methods. Organizes the collection and analysis of materials on possible channels of information leakage, including through technical channels, in the course of research and development related to the creation and production of special products (products) necessary for work to ensure the protection of information. Ensures the coordination of ongoing organizational and technical measures, the development of methodological and regulatory materials and the provision of the necessary methodological assistance in carrying out work to protect information, assess the technical and economic efficiency of the proposed and implemented organizational and technical solutions. Organizes work on the collection and systematization of the necessary information about the objects to be protected and protected information, provides methodological guidance and control over the work on assessing the technical and economic level and effectiveness of the developed information protection measures. Leads the work on summarizing data on the need for technical and software-mathematical means of protecting information, control equipment, drawing up applications for the manufacture of these means, organizing their receipt and distribution among the objects of protection. Promotes the dissemination of best practices and the introduction of modern organizational and technical measures, means and methods of information protection in order to increase its effectiveness. Provides control over compliance with the requirements of regulatory and technical documentation, over compliance with the established procedure for performing work, as well as the current legislation when resolving issues related to information security. Coordinates the activities of departments and specialists in information security in the industry, at the enterprise, in the institution, organization.

The Chief Information Security Officer should know

2) The chief information security specialist in the performance of his duties must know: legislative and regulatory legal acts on state secrets; documents defining the main directions of economic and social development of the industry; regulatory and methodological materials on issues related to information security; prospects for development, specialization and activities of the institution, organization, enterprise and their divisions; the nature of interaction between departments in the process of research and development and the procedure for passing official information; a system for organizing complex information protection, operating in the industry, institution, organization, enterprise; prospects and directions of development of technical and software - mathematical means of information protection; methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence; methods of planning and organization of scientific research, development, performance of work on information protection; the procedure for concluding contracts for the conduct of special studies and inspections, work on the protection of technical means of transmission, processing, display and storage of information; domestic and foreign experience in the field of technical intelligence and information protection; fundamentals of economics, organization of production, labor and management; labor protection rules and regulations.

Requirements for the qualification of the chief information security specialist

3) Qualification requirements. Higher professional (technical) education and work experience in information security for at least 5 years.

1. General Provisions

1. The chief information security officer belongs to the category of managers.

2. A person with a higher professional (technical) education and at least 5 years of work experience in information security is accepted as the chief information security specialist.

3. The chief information security specialist is hired and dismissed _______ (director, leader) organizations on the submission of _________ (position).

4. The chief information security officer must know:

• legislative and regulatory legal acts on state secrets;
• documents defining the main directions of economic and social development of the industry;
• regulatory and methodological materials on issues related to information security;
• prospects for development, specialization and activities of the institution, organization, enterprise and their divisions;
• the nature of interaction between departments in the process of research and development and the procedure for passing service information;
• a system for organizing complex information protection, operating in the industry, institution, organization, enterprise;
• prospects and directions of development of technical and software-mathematical means of information protection;
• methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence;
• methods of planning and organization of scientific research, development, performance of work on information protection;
• the procedure for concluding contracts for the conduct of special studies and inspections, work on the protection of technical means of transmission, processing, display and storage of information;
• domestic and foreign experience in the field of technical intelligence and information protection;
• fundamentals of economics, organization of production, labor and management; labor protection rules and regulations.

5. In his activities, the chief information security specialist is guided by:

• the legislation of the Russian Federation,
• Charter (regulations) of the organization,
• orders and orders ________ (general director, director, manager) organizations,
• this job description,
• The internal labor regulations of the organization.

6. The chief information security specialist reports directly to: ________ (position).

7. During the absence of the chief information security specialist (business trip, vacation, illness, etc.), his duties are performed by the person appointed ________ (position) of the organization in the prescribed manner, who acquires the appropriate rights, duties and is responsible for the performance of the duties assigned to him .

2. Job responsibilities of the chief information security specialist

Chief Information Security Specialist:

1. Manages the implementation of work on the comprehensive protection of information in the industry, enterprise, institution, organization, ensuring the effective application of all available organizational and engineering measures in order to protect information constituting a state secret.

2. Participates in the development of technical policy and determination of prospects for the development of technical means of control, organizes the development and implementation of new technical and software-mathematical means of protection that exclude or significantly hinder unauthorized access to official information constituting a state or commercial secret.

3. Participates in the review of technical specifications for product designs, research and development work to be protected, monitors the inclusion in them of the requirements of normative-technical and methodological documents on information security and the fulfillment of these requirements.

4. Prepares proposals for inclusion in the plans and work programs of organizational and engineering measures to protect information systems.

5. Participates in the creation of secure information technologies that meet the requirements of comprehensive information protection.

6. Organizes research work in the field of improving information security systems and increasing their efficiency.

7. Performs the whole range (including especially complex) of work related to the control and protection of information, based on the developed programs and methods.

8. Organizes the collection and analysis of materials on possible channels of information leakage, including through technical channels, in the course of research and development related to the creation and production of special products (products) necessary for work to ensure the protection of information.

9. Ensures the coordination of ongoing organizational and technical measures, the development of methodological and regulatory materials and the provision of the necessary methodological assistance in carrying out work to protect information, assess the technical and economic efficiency of the proposed and implemented organizational and technical solutions.

10. Organizes the work on collecting and systematizing the necessary information about the objects to be protected and protected information, provides methodological guidance and control over the work on assessing the technical and economic level and the effectiveness of the developed information protection measures.

11. Leads the work on summarizing data on the need for technical and software-mathematical means of protecting information, control equipment, drawing up applications for the manufacture of these means, organizing their receipt and distribution among the objects of protection.

12. Promotes the dissemination of best practices and the introduction of modern organizational and technical measures, means and methods of information protection in order to increase its effectiveness.

13. Provides control over compliance with the requirements of regulatory and technical documentation, compliance with the established procedure for performing work, as well as the current legislation when resolving issues related to information protection.

14. Coordinates the activities of departments and information security specialists in the industry, at the enterprise, in the institution, organization.

3. Rights of the Chief Information Security Officer

The Chief Information Security Officer has the right to:

1. Submit proposals for management consideration:

• to improve the work related to the duties provided for in this instruction,
• on the encouragement of distinguished workers subordinate to him,
• on bringing to material and disciplinary liability employees who violated production and labor discipline.

2. Request from structural divisions and employees of the organization the information necessary for him to perform his duties.

3. Get acquainted with the documents that define his rights and obligations in his position, the criteria for assessing the quality of performance of official duties.

4. Get acquainted with the draft decisions of the organization's management regarding its activities.

5. Require the management of the organization to provide assistance, including the provision of organizational and technical conditions and execution of the established documents necessary for the performance of official duties.

6. Other rights established by the current labor legislation.

4. Responsibilities of the Chief Information Security Officer

The Chief Information Security Officer is responsible for the following:

1. For improper performance or non-performance of their official duties provided for by this job description - within the limits established by the labor legislation of the Russian Federation.

2. For offenses committed in the course of their activities - within the limits established by the current administrative, criminal and civil legislation of the Russian Federation.

3. For causing material damage to the organization - within the limits established by the current labor and civil legislation of the Russian Federation.

Job description of the chief information security specialist - sample 2019. Job responsibilities of the chief information security specialist, rights of the chief information security specialist, responsibility of the chief information security specialist.

In modern enterprises, the information security system can fail and become vulnerable, which entails large financial losses. The profession of "specialist in information security" includes in the scope of duties the restriction of access by unauthorized persons and the observance of other necessary measures.

Job responsibilities of a specialist

Enterprises are turning to technology to ensure the security of information. To do this, the most important materials are encrypted. Moreover, it is not the system administrator who has the password and the key to access them, but the security service. Business units exchange information over encrypted channels. Information located in mail systems or business applications is protected by special systems that protect against leaks. But in addition to technical methods, it is also important

Graduates of universities who have received the profession of "specialist in information security" sometimes incorrectly rely only on their own strengths and acquired knowledge. In practice, they have to enlist the support of all employees of the organization and study the resources of the information system entrusted to them. The specialist is obliged to create models of alleged threats and anticipate possible information leaks. To do this, he must know the objective value of commercial information, the characteristics of the local network, computers and connected equipment. At the same time, the information protection specialist is obliged to monitor the status of software, updates and operating systems installed on office computers. His area of ​​interest also includes a detailed study of the job descriptions of the employees of the organization, this is necessary to assess and identify a potential violator.

You need to know that information, as a rule, must be prepared and processed in order to apply expert judgment to it. With the help of the approval list, responsibility for the quality of the document being developed is distributed among expert experts. Meetings on individual issues with the head of the enterprise are very useful. As a rule, an information security specialist is included in various commissions related to the protection of information and personal data.

It is important that the information security specialist coordinates his actions with the security service. These two structures are inseparable and complement each other. After all, the means used by the security of the enterprise - access control, alarm, video surveillance - serve to protect information. Data that is in security systems, such as a database of passes, video surveillance records, must be protected from

With lawyers, an information security engineer communicates just as closely as with information technology specialists. They can provide invaluable assistance in legal coverage of issues, suggest how to understand individual articles of laws.

Legal basis of the issue

Specialists involved in the protection of information in the field of business rely in their work on the Federal Law adopted in 1995. Changes were made in 2003. It regulates the main relationships that arise during the creation, storage and distribution

The job responsibilities of a specialist described in this material allow us to conclude that information protection is a set of actions to identify it, collect it, expert assessment and ensure confidentiality, which excludes its leakage.

1. GENERAL PROVISIONS

1.1. This job description defines the functional duties, rights and responsibilities of the Chief Information Security Specialist of the enterprise (options: OJSC, CJSC, LLC, institution, organization).

1.2. The chief information security specialist is appointed to the position and dismissed in accordance with the procedure established by the current labor legislation by order of the director of the enterprise.

1.3. The chief information security specialist reports directly to the director of the enterprise (options: OJSC, CJSC, LLC, institutions, organizations).

1.4. A person with a higher professional (technical) education and work experience in information security is appointed to the position of Chief Information Security Specialist.

1.5. The Chief Information Security Officer must know:

Legislative and regulatory legal acts on state (official, commercial) secrets; regulatory and methodological materials on issues related to information security; prospects for development, specialization and activities of an institution, organization, enterprise (options: JSC, CJSC, LLC, institutions, organizations) and its divisions; the nature of the interaction of divisions in the course of the economic activity of the enterprise (options: OJSC, CJSC, LLC, institutions, organizations) and the procedure for passing official information; a system for organizing complex information protection operating at the enterprise (options: OJSC, CJSC, LLC, institution, organization); prospects and directions of development of technical and software-mathematical means of information protection; methods and means of controlling protected information, identifying information leakage channels, organizing technical intelligence; methods of planning and organization of scientific research, development, performance of work on information protection; the procedure for concluding contracts for conducting special studies and inspections, work on the protection of technical means of transmission, processing, display and storage of information; domestic and foreign experience in the field of technical intelligence and information protection; fundamentals of economics, organization of production, labor and management; labor protection rules and regulations.

1.6. During the temporary absence of the Chief Information Security Specialist, his duties are assigned to ___________________.

2. FUNCTIONAL RESPONSIBILITIES

Note. The functional responsibilities of the Chief Information Protection Specialist are determined on the basis and to the extent of the qualification characteristics for the position of the Chief Information Protection Specialist and can be supplemented, clarified when preparing the job description based on specific circumstances.

2.1. Supervises the implementation of work on the comprehensive protection of information in the industry, at the enterprise (options: OJSC, CJSC, LLC, institution, organization), ensuring the effective application of all available organizational and engineering measures for protection constituting a state secret.

2.2. Participates in the development of technical policy and determination of prospects for the development of technical means of control, organizes the development and implementation of new technical and software-mathematical means of protection that exclude or significantly impede unauthorized access to official information constituting an official, state or commercial secret.

2.3. Participates in the review of technical specifications for product designs, research and development work to be protected, monitors the inclusion in them of the requirements of regulatory, technical and methodological documents on information security and the fulfillment of these requirements.

2.4. Prepares proposals for inclusion in the plans and work programs of organizational and engineering measures to protect information systems.

2.5. Participates in the creation of secure information technologies that meet the requirements of comprehensive information protection.

2.6. Organizes research work in the field of improving information security systems and increasing their efficiency.

2.7. Performs the whole complex (including especially complex) of work related to the control and protection of information, based on the developed programs and methods.

2.8. Organizes the collection and analysis of materials on possible channels of information leakage, including through technical channels, in the course of research and development related to the creation and production of special products (products) necessary for work to ensure the protection of information.

2.9. Ensures the coordination of ongoing organizational and technical measures, the development of methodological and regulatory materials and the provision of the necessary methodological assistance in carrying out work to protect information, assess the technical and economic efficiency of proposed and implemented organizational and technical solutions.

2.10. Organizes work on the collection and systematization of the necessary information about the objects to be protected and protected information, provides methodological guidance and control over the work on assessing the technical and economic level and the effectiveness of the developed information protection measures.

2.11. Leads the work on summarizing data on the need for technical and software-mathematical information security tools, control equipment, drawing up applications for the manufacture of these tools, organizes their receipt and distribution among the objects of protection.

2.12. Promotes the dissemination of best practices and the introduction of modern organizational and technical measures, means and methods of information protection in order to increase their effectiveness.

2.13. Provides control over compliance with the requirements of regulatory and technical documentation, compliance with the established procedure for performing work, as well as the current legislation when resolving issues related to information security.

2.14. Coordinates the activities of departments and specialists in information security in the industry, at the enterprise, in the institution, organization.

3. RIGHTS

The Chief Information Security Officer has the right to:

3.1. To give instructions to subordinate employees and services, tasks on a range of issues included in his functional duties.

3.2. Control the implementation of planned targets and work, the timely execution of individual orders and tasks of subordinate services.

3.3. Request and receive the necessary materials and documents related to the activities of the Chief Information Security Specialist, his subordinate services and divisions.

3.4. Enter into relationships with departments of third-party institutions and organizations to resolve operational issues of production activities that fall within the competence of the chief information security specialist.

3.4. Represent the interests of the enterprise in third-party organizations on issues related to the production activities of the enterprise.

4. RESPONSIBILITY

The Chief Information Security Officer is responsible for:

4.1. The results and efficiency of the enterprise's production activities in terms of compliance with information security measures.

4.2. Failure to ensure the fulfillment of their functional duties, as well as the work of the enterprise's subordinate services on issues of production activities.

4.3. Inaccurate information about the status of execution of work plans of subordinate services.

4.4. Failure to comply with orders, orders and instructions of the director of the enterprise (options: OJSC, CJSC, LLC, institutions, organizations).

4.5. Failure to take measures to suppress the identified violations of safety regulations, fire safety and other rules that pose a threat to the activities of the enterprise, its employees.

4.6. Failure to ensure compliance with labor and performance discipline by employees of subordinate services and personnel subordinate to the Chief Information Security Specialist.

5. RIGHT TO SIGN. WORKING CONDITIONS

5.1. The exclusive area of ​​activity of the Chief Information Security Specialist is to ensure the planning and organization of the production activities of the enterprise.

5.2. To ensure his activities, the chief information security specialist is given the right to sign organizational and administrative documents on issues that are part of his functional duties.

5.3. The mode of operation of the Chief Information Security Specialist is determined in accordance with the Internal Labor Regulations established at the enterprise.

5.4. Due to operational needs, the Chief Information Security Specialist may go on business trips (including local ones).

5.5. To resolve operational issues related to the provision of production activities, the Chief Information Security Specialist may be assigned a company vehicle.

Other instructions in the section: