Security Programme Management
Develop and manage security solutions, products and services through technology innovation, experimentation and collaboration. This includes security programme planning, developing and testing new security capabilities and implementing security technologies and programmes.
Level 1 (Follow)
Level 2 (Assist)
Level 3 (Apply)
- Detail the security requirements for system architecture components and implement security programmes.
- Establish processes for maintaining the security of information throughout its existence.
- Establish and maintain security operating procedures in accordance with security policies, standards and procedures.
- Coordinate penetration testing on information processes against relevant policies.
- Assess and respond to new technical, physical, personnel or procedural vulnerabilities.
- Manage implementation of information security programmes, and co-ordinate security activities across the organisation.
Level 4 (Ensure)
- Manage large-scale secure system initiatives and collaborations with programmers to develop new security solutions and capabilities.
- Securely configure information and communications equipment in accordance with relevant security policies, standards and guidelines.
- Maintain security records and documentation in accordance with Security Operating Procedures.
- Administer logical and physical user access rights.
- Monitor processes for violations of relevant security policies (e.g. acceptable use, security, etc.).
Level 5 (Strategise)
- Spearhead new, complex or revolutionary security programmes, and integrate a suite of enterprise-wide security programmes into a cohesive security architecture.
- Develop and implement procedures for responding to and stabilising the situation following an incident or event.
- Establish and manage a security emergency operations centre to be used as a command centre during an emergency.
- Mount pre-plan and coordinate plan exercises, and evaluate and document plan exercise results.
- Verify that the plan will prove effective by comparison with a suitable standard, and of reporting results in a clear and concise manner.
- Establish applicable procedures and policies for coordinating continuity and restoration activities with external agencies while ensuring compliance with applicable statutes or regulations.
- Coordinate, evaluate, and exercise plans to communicate with internal stakeholders, external stakeholders and the media.