The Information Security careers family sits within the Information Technology practice area. An example career pathway could take you from Security Analyst to Head of Risk and Governance.
What is Information Security
Many of the skills used when working in information security are already cover by other job families. If you are going to be a security architect, then you probably want to start by looking at the skills in the “strategy and architecture” family. Likewise, if you think you might be interested in working in as a Security Analyst then you should probably start off by reading up on the skills outlined in Delivery and Operation.
There are a huge range of different roles within Information Security, looked at closely there are perhaps ten different roles within the UCL security team due to differences in grade and focus of responsibility. However, for ease of presentation we have grouped all the roles into two broad categories Security Operations and Governance, Risk and Compliance. Some people will be firmly in one job family and others will have a blend of skills from both families.
Security Operations
SecOps is the skills family that most people probably think of first when security comes up. These are the people who monitor systems, respond to alerts, scan for vulnerabilities, and want to have copies of your log files. Jobs in this family include Security Analyst, Senior Security Analyst, Security Operation Centre Manager, Vulnerability Manager and Penetration TesterGovernance, Risk and Compliance
Traditionally GRC covers drafting policies, setting standards, helping an organisation to understand security risks, and auditing and tracking compliance. Jobs in this family include Risk Assessor, Auditor, Security Trainer, Security Awareness Coordinator and Security Architect.