Cyber Security Governance and Risk Management
Role overview
Cyber Security Governance and Risk Management is the monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks
Role levels
Role expectations
At this role level, you will:
- work within established security and risk management governance structures, usually under supervision to support, review and undertake straightforward risk management activities such as:
  - helping with the analysis and derivation of business-supporting security needs
  - undertaking cyber security related risk assessments, basic threat assessments and other risk management activities
- have an understanding of the applicability of appropriate legislation and regulations
- provide advice to address identified cyber security related risks by applying a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
- provide proportionate and contextualised advice for the use case
- provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement
- help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team
- support implementation of the monitoring roadmap to enhance monitoring in line with requirements, policies and standards to govern all activities and outputs
- monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate
- design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to:
  - detect malicious activity
  - ensure continuous improvement through dashboard monitoring or retrospective assessment
Role expectations
At this role level, you will:
- independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures
- lead the analysis and derivation of business-supporting security needs, undertake cyber security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation
- provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise
- provide expert security advice that highlights cyber security related risks, so risk or service owners can make well-informed and auditable decisions
Role expectations
At this role level, you will:
- lead and undertake risk management activities against the hardest or most novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios, and lead regulatory or legislative compliance activities
- guide and direct specialist activities of others, actively promoting development in the applicable skills, providing leadership to other risk managers, and sharing best practice widely across government, the public sector, and industry
- lead the analysis and derivation of complex security needs
- lead cyber security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation’s cyber security related governance arrangements
- provide guidance to ensure ongoing confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner
- shape leadership decision-making through:
  - effective reporting and communication regarding the effectiveness of security processes across an organisation
  - providing recommendations to highly complex problems
  - acting as an SME for complex cyber risk management concerns, issues and problems
Skills
Skill | Associate | Lead | Principal |
---|---|---|---|
Information risk assessment and risk management | Practitioner | Practitioner | Expert |
Applied security capability | Practitioner | Practitioner | Practitioner |
Protective security | Working | Practitioner | Expert |
Threat understanding | Working | Practitioner | Practitioner |
Core learning
Entry level
CompTIA IT Fundamentals
NIST Cyber Security Professional (NCSP) Foundation Certificate
Management of Risk (M_o_R) Foundation
QACSRM (Certified Security Risk Manager)
QACCGIAO (Certificate in Cyber Governance for Information Asset Owners)
Foundation Certificate in Cyber Security
CREST Practitioner Intrusion Analyst (CPIA)
Network Security Foundation
Associate level
CompTIA Security+
Certified ISO 27001 Practitioner
Management of Risk (M_o_R) Practitioner
EC-Council Certified SOC Analyst
Lead level
Certified in Risk and Information Systems Control (CRISC)
CREST Registered Intrusion Analyst (CRIA)
SEC501: Advanced Security Essentials – Enterprise Defender
GIAC Certified Enterprise Defender (GCED)
Principal level
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics
Automating Administration with Windows PowerShell