Importance Of Having An Information Security Program Manager Position In The Organization

Task-1: Convince the director board

It is very important for the board of directors of VSpace Tours of having a dedicated Information Security Program Manager Position in the organization as it is alone not possible for the Chief Information Security Officer of the company to handle all security related operations of the company. As opined by Hwang and Choi (2017) the Information Security Program Manager will assist the Chief Information Security Manager regarding the management of all information system security of the company. The Information Security Program Manager of the company will serve as the expert on cybersecurity protection, detection, response and recovery.

As stated by Cao and Pan (2014) the Information Security Program Manager of the company will be expected to play the role of a technical security manager in the organization who will be typically in charge of the system and the teams who manages those systems. The Information Security Program Manager will be entrusted with the responsibility of looking after the firewall, data leakage protection system, encryption, vulnerability, data leakage protection system, international business system and pen testing.

According to Muhammad Siddique Ansari (2016) the Information Security Program Manager will be also playing the role of a program security manager who will be responsible for evaluation of risks associated with various vendors, analysing the contracts of the vendors, analysing the terms of service of various vendors, helping various teams of the company to understand the risks which are associated with third party and helping them understand the importance of data privacy in the absence of the Chief Information Security Officer.

As stated by Cecez-Kecmanovic, Kautz and Abrahall (2014) it is very important from the point of view of the company to have a dedicated Information Security Program Manager who will responsible in monitoring internal and external policy compliance in the company so as to ensure that both the vendors and the employees of the company are working within the framework of a policy which was agreed upon. The Information Security Program Manager will be responsible for monitoring regulation compliance as it is very important for the company to ensure that they follow all the regulatory frameworks in a regulated business environment.

Also it is also not advisable for the company to keep a single individual in charge in the form of a CISO, who will be responsible for performing all information security roles ranging from planning to implementation of new policies, measures and technologies in the company. As stated by Lee, Park and Lee (2015) therefore the appointment of an Information Security Program Manager in the organization will help in reducing the burden of the CISO which will enable him to plan better policies and the entire responsibility of implementing such policy, measures or technologies will be vested on the Information Security Program Manager recruited by the company.

As opined by Mccarthy, O’raghallaigh, Fitzgerald and Adam (2018) it remains the responsibility of the CISO of the company to document and develop a security incident response program in order to ensure that a plan of action is in place if any incident of security breach takes place in the company but it is the responsibility of the Information Security Program Manager of the company to ensure that the security incident response plan is thoroughly tested and every high level manager of the company is aware about the own responsibilities during such incident. Therefore it is very important for the company to appoint an Information Security Program Manager in the company to assist the CISO in ensuring top level information technology security.

Task-2: Identify job security requirements

There are various mandatory requirements which will be checked for the recruiting role of Information Security Program Manager in VSpace Tours in order to comply with the Protective Security Policy Framework imposed by the Australian federal government. According to Dages, Zimmer and Jones (2017. in order to recruit an Information Security Program Manager in VSpace Tours the company needs to fulfil the core requirements and supporting requirement guidelines imposed by the Protective Security Policy Framework. The following security checks are needed to be conducted by VSpace Tours in order to comply with the PSPF framework and recruit candidates in the company.

• Identity Check- An identity check helps in establishing confidence regarding an individual’s identity and provides the company with a level of assurance about the prospective employee.
• Eligibility to Work in Australia- This security check helps in conforming whether an individual is eligible to work in Australia. This security check requires conformation that the prospective employee holds an Australian citizenship and in case he does not it is necessary to confirm that the individual holds a valid work visa to work in Australia.
• Employment History Check- The employment history check helps in checking and identifying if there are un-explained gaps anomalies in the employment record of the prospective employee.
• Residential History Check- The residential history check helps in substantiating the identity of a prospective employee in the community and it is required for all interested employees provide evidence of their current permanent residential address.
• Referee Check- A referee check helps the company in engaging individuals of the appropriate quality, suitability and integrity.
• National Police check- According to Marshall, Milligan-Saville, Mitchell, Bryant and Harvey (2017)the National police check helps involves processing of an individual biographic details in order to determine whether the detail of the individual matches with any other individual who may have past criminal convictions. It is also known as criminal history or police record check.
• Credit History Check- The credit history check helps in analysing whether a prospective employee has a financial default history or is in a financial unstable situation or there re question regarding the financial health of the prospective employee.
• Qualification check- The qualification check helps in verifying the qualifications of a prospective employee with the issuing authority of the qualifications.
• Conflict of interest check- According to Stroup (2014)the conflict of interest check helps in identifying various conflicts, both real and perceived regarding the employment of the individual and their private, professional business interests that could influence the performance of their official duties in a negative manner and thus their ability to safeguard the resources of the Australian Government.
• Entity Specific checks- The entity specific checks helps companies to mitigate various types of security risks which are not addressed by the above mentioned security checks by undertaking additional checks based on the individual.

The selection criteria for the recruiting role in Information Security Program Manager are as follows:

Education and Professional qualifications:

• Bachelor of Science in computer engineering, electrical engineering, computer science or in a closely related IT or other cyber security discipline.
• In depth-knowledge of Knowledge of practical applications of engineering science and technology to different security related designs and systems implementations.
• Designing and maintenance of large and complex networks such as WAN and LAN and of other associated hosts.
• Development of future cyber defence architecture programs.
• Active SCI/TS with Poly.
• As stated by Zafar, Ko and Osei-bryson (2016)system development lifecycle, program management and process methodology which are related to areas such as governance, engineering, management and operations with sound experience in supporting different project activities at operations and engineering review boards.
• According to Karanja and Rosso (2017)minimum of 6 years’ of progressively responsible experience in security and risk management, asset security, security engineering, network and communication security, access and identity management, security operations, security assessment and testing and software development security including experience in IC and hands on experience with the requirements of ICD 503 and other related risk management framework requirements.

Desired Requirement:

• Sound knowledge of and hands on experience with the Program Management Framework of different clients.
• Sound knowledge of the legal aspects which are associated with the above mentioned activities such as knowledge of the various regulatory and legal frameworks of the government of Australia such as The Electronics Transactions Act 1999. Electronic Transactions Regulations 2000, Privacy Amendment Bill 2016 and the Privacy Act 1988.

Essential Functions:

Physical Requirement- The job position involves extended periods of sitting and standing and the physical requirements of the job role includes sitting, walking, standing and access to remote structures.

Work Environment- The individual must be ready to travel to other work areas and follow the necessary safety requirements for those areas besides working in various locations of the company. The individuals must complete their work in safe manner which abides by the safety standards of the company.

Equipment and Machines- Computer work is must for every individual. Besides computer systems, the individuals must have hands on experience in working with scientific calculators, printers, fax machines, scanners, telephone and filing cabinets.

Attendance- Attendance and punctuality is a vital requirement of the company from the individuals and at times overtimes may be required.

Other Essential Function- As opined by Marks (2016) the interested individuals must be able to communicate in an effective manner with all levels of the organization and must be able to embrace change in the organization. The individual must work under pressure in order to meet the deadline requirements of the company and must not possess a safety risk or hazard to other employees of the company.

References:

Cao, Y., and Pan, J. (2014). The Study of Network Information System Security Strategy Based on Trusted Cloud Computing. Applied Mechanics and Materials, [Online] 571-572, 400–403. Available: doi:10.4028/www.scientific.net/AMM.571-572.400 Accessed as on 2/10/2018

Cecez-Kecmanovic, D., Kautz, K., and Abrahall, R. (2014). Reframing Success and Failure of Information Systems: A Performative Perspective. MIS Quarterly, [Online] 38(2), 561–588. Available: doi:10.25300/MISQ/2014/38.2.11 Accessed as on 2/10/2018

Dages, K., Zimmer, S., and Jones, J. (2017). Pre?employment risk screening: Comparability of integrity assessment technology platforms. International Journal of Selection and Assessment, [Online] 25(4), 390–400. Available: doi:10.1111/ijsa.12193 Accessed as on 2/10/2018

Hwang, K., and Choi, M. (2017). Effects of innovation-supportive culture and organizational citizenship behavior on e-government information system security stemming from mimetic isomorphism. Government Information Quarterly, [Online] 34(2), 183–198. Available: doi:10.1016/j.giq.2017.02.001 Accessed as on 2/10/2018

Karanja, E., and Rosso, M. A. (2017). THE CHIEF INFORMATION SECURITY OFFICER: AN EXPLORATORY STUDY. Journal of International Technology and Information Management, [Online] 26(2), 23-47. Available at- doi: 10.1108/ICS-02-2016-0013Accessed as on 2/10/2018

Lee, J., Park, J., andLee, S. (2015). Raising team social capital with knowledge and communication in information systems development projects. International Journal of Project Management, [Online] 33(4), 797–807. Available at doi:10.1016/j.ijproman.2014.12.001 Accessed as on 2/10/2018

Marks, M. (2016). Strategic challenges for chief information officers: How IT aligns with business strategy (Order No. 10256371). Business Premium Collection. [Online] Available at-https://search.proquest.com/docview/1880572821?accountid=30552Accessed as on 2/10/2018

Marshall, R., Milligan-Saville, J., Mitchell, P., Bryant, R., and Harvey, S. (2017). A systematic review of the usefulness of pre-employment and pre-duty screening in predicting mental health outcomes amongst emergency workers. Psychiatry Research, [Online] 253, 129–137. Available at doi:10.1016/j.psychres.2017.03.047Accessed as on 2/10/2018

Mccarthy, S., O’raghallaigh, P., Fitzgerald, C., and Adam, F. (2018).Social complexity and team cohesion in multiparty information systems development projects. Journal of Decision Systems, [Online] 27, 18–31. Available at doi:10.1080/12460125.2018.1462992 Accessed as on 2/10/2018

Muhammad Siddique Ansari. (2016). INFORMATION SYSTEM SECURITY (CYBER SECURITY). Jurnal Informatika, [Online] 2(1). Available at-https://doaj.org/article/66b5d379420242cfa06bdef19b1ffa91Accessed as on 2/10/2018

Stroup, J. W. (2014). The current mind-set of federal information security decision-makers on the value of governance: An informative study (Order No. 3611414). Business Premium Collection. [Online]  Available at- https://search.proquest.com/docview/1501935215?accountid=30552Accessed as on 2/10/2018

Zafar, H., Ko, M. S., andOsei-bryson, K. (2016). The value of the CIO in the top management team on performance in the case of information security breaches. Information Systems Frontiers, [Online] 18(6), 1205-1215. Available at- doi: https://dx.doi.org/10.1007/s10796-015-9562-5 Accessed as on 2/10/2018