This page contains the different roles within the GRC CyberSecurity Risk Assessment path. Choose the relevant role you want to learn about. You can also enter the “Professional Path” (coming soon) to access the relevant skills and resources.
Execution (Run). Internal impact.
The role represents the most common professional entry-point knowledge for this career stream.
Works under direct supervision. Executes basic tasks and projects.
Commits to and completes tasks within the expected time frames, holding themselves accountable. Ability to succeed, plan for outcomes and execute plans in order to meet personal targets and objectives.
Works collaboratively in a team and communicates in meetings.
Learns and relates to the department and company’s culture and proactively tries to practice it.
Execution & Suggestion of improvements (Run independently & build). Team impact.
The role applies broad professional knowledge of theory and principles.
Works almost independently on issues of diverse scope under a general definition of the requirements. Executes advanced tasks and handles complex issues & projects.
Has ownership of their processes/projects and of non-critical aspects in the domain. Makes an impact with short-term and long-term complex processes and projects.
Collaborates with his own team and others in order to execute cross-department tasks. Communicates some of the domain needs internally and externally.
Behaviors:
Familiar with the department and company’s culture and is able to communicate it and act according to it.
Improvement and creation of new processes (build & improve productivity). Cross-teams impact.
The role demonstrates mastery in applying theories, principles, concepts and methodologies to innovative solutions.
Works fully independently on issues of diverse scope. Acts as a focal point to all complex issues in his domain.
Has ownership over critical aspects in the domain. Makes a significant impact with short-term and long-term complex processes and projects.
Leads the communication about cross-department tasks. Defines the domain needs and communicates them within the domain and with other internal and external stakeholders.
Well established with the company culture and values and able to identify and realign misalignments.
Creation of new processes (Build & improve efficiency). Cross-groups impact.
An integral part in defining the team’s strategic vision, goals and prioritization.
The most professional function in the team, handles the most complex challenges and issues in the domain.
Owns and leads the most critical aspects in the domain. Has a strategic point of view of the domain, and impacts the domain roadmap and planning.
Leads the communication about cross-department tasks.
Well established with the company culture and values and able to identify and realign misalignments.
Holistic team management and leadership of an entire domain in a group.
Transforming company vision into security goals:
Architecture and design:
Risk management:
Strategic planning:
Continuous improvement:
Holds the entire team complexity from end to end. Can provide solutions and guidance on all aspects within the domain. Typically leads an entire domain within a group, typically up to 6 engineers.
Drives the impact-driven approach in the team, makes every iteration count and ensures that everyone works on the most impactful tasks. Manages to inspire their team through planning, context building and setting aspirational goals.
Team communication engine. Leads discussions by sharing clear and concise intents.
Accountable for creating and driving culture manifestation within a team.
Creates a deep level of maturity both in their direct and non-direct reports. Affects other roles and disciplines inside and outside their domain.
Transforming company vision into security goals:
Architecture and design:
Risk management:
Strategic planning:
Continuous improvement:
Leading complex IT projects, across teams and sites.
Creates an impact-first culture via leadership, inspiration and mentorship within and without the group. Leads the group to deliver meaningful impact, consistently.
Effective collaboration, communication, and leadership without authority are critical skills for senior security managers.
Collaboration and cross-group collaboration are critical skills for senior security managers. Here are some examples of how these skills can be applied to address security risks and drive success in the organization:
Foster collaboration between different security teams within the organization.
Example: Encourage the network security team and the application security team to work together to identify and address security risks that exist at the intersection of network and application security.
Collaborate with other organizations in your industry to identify and address common security risks.
Example: Collaborate with a group of peers from other organizations in your industry to share insights and best practices for addressing security risks.
Controls the details. Doesn’t just manage their team from the “high level” but gets their hands dirty. Brings a contagious “can-do” approach to the day-to-day and drives a winner state of mind.