The development of China’s economy and international presence comes with an increased awareness and emphasis on information security in recent years. This trend has created a demand for information security talents to serve the needs of organizations in today’s business environment. In the current talent market, there are several types of Information Security Human Resources. It is essential for organizations to understand their information security needs before hiring as each talent is equipped with different skillsets.
Connect with Charlie on LinkedIn!
This article is written by Charlie Zhang - Consultant, IT Practice. He has 5 years of Executive Search experience. He specialize in Corporate IT functions including IT Upper Management, AI / BI Professionals, Security Officer, and ERP / CRM.
Types of Information Security Officers/ Engineers
1. In-house IT Operations Background
Information Security personnel of this background specialize in security configuration and operations of internal IT infrastructure elements such as server, firewall and network. Besides that, their daily responsibilities also include monitoring IT security logs, incidents and vulnerability scanning.
This group of talents are suitable for organizations who do not require intensive information security measures to be put in place. Organizations who are of level 1 and 2 according to Information Security Grading in China will be appropriate. With that being said, Information Security Officers with in-house IT operations background will be sought in every organization to coordinate and deliver tasks in adherence to security governance.
2. Information Security Governance & Audit Background
Talents of this background are usually officers or managers from big consulting firms. Their expertise lies in Information Security Governance & Audit abiding by security laws & regulations such as ISO 27000, GDPR and SOX.
The expertise and experience of this group of talents will be suitable for group-size companies who require well-establish and robust security system in their daily business operations. This group of people can suit Enterprise Governance, Risk Management and Compliance requirement.
3. Security Architect, Application Security Engineer Background
Security Architects are experts in Infrastructure, Big Data and Microservice security. They are able to design sophisticated security architecture to meet the demands of big companies. On the other hand, Application Security Engineers are experts of Network Attack, Defense and Penetration Test.
Most of the Information Security Professionals who fall into this category are working in Information Security consulting firms and big internet companies who requires robust Application Security.
4. IoT Product Security Background
They are skillful in handling industrial regulations & standards of IoT products. For example, smart household appliances and IoV (Internet of Vehicles).
That’s to say, these talents will be sought after by IoT/IoV product companies and their related components vendors.