Develop organisational strategies and policies by analysing the impact of internal and external influencing factors and seeking consultation from relevant stakeholders.
Level 1 (Follow)
Level 2 (Assist)
Level 3 (Apply)
- Develop resource allocation plans and implement strategies and policies.
- Explains the purpose of and provides advice and guidance on the application and operation of elementary physical, procedural and technical security controls.
- Performs security risk, vulnerability assessments, and business impact analysis for medium complexity information systems.
- Investigates suspected attacks and manages security incidents.
- Uses forensics where appropriate.
Level 4 (Ensure)
- Formulate the strategies and policies that are forward-looking and focus on bottom line results.
- Provide advice and guidance on security strategies to manage identified risks and ensure adoption and adherence to standards.
- Obtain and act on vulnerability information and conduct security risk assessments, business impact analysis and accreditation on complex information systems.
- Investigate major breaches of security, and recommend appropriate control improvements.
- Contribute to the development of information security policy, standards and guidelines.
Level 5 (Strategise)
- Build actionable organisation strategy plans and policies that are forward-looking, anticipate strategic risks and focus on bottom line results.
- Develop and communicate corporate information security policy, standards and guidelines.
- Contribute to the development of organisational strategies that address information control requirements.
- Identify and monitor environmental and market trends and pro-actively assess impact on business strategies, benefits and risks.
- Lead the provision of authoritative advice and guidance on the requirements for security controls in collaboration with experts in other functions such as legal and technical support.
- Ensure architectural principles are applied during design to reduce risk and drive adoption and adherence to policy, standards and guideline.
- Direct the development, implementation, delivery and support of an enterprise information security strategy aligned to the strategic requirements of the business