#1 Information systems security manager (ISSM)
The ISSM is really the gatekeeper. Their role is to guarantee the security and integrity of the company’s information systems. To do that, they define, implement and monitor the information security policy. In concrete terms, they coordinate with the different departments to identify potential threats, devise preventive action plans and ensure compliance with the security rules.
An ISSM must be multi-talented, with strong IT architecture expertise, solid organisational ability and excellent communication skills, given that the role also involves managing change. ISSMs are therefore thin on the ground and highly sought-after in industry!
#2 Pentester
The role of the pentester is to assess the security of corporate information systems by actively seeking out vulnerabilities. Pentesters are in effect ethical hackers, simulating attacks to identify security failings in the information system. The end goal is of course to deploy corrective actions to strengthen the security and resilience of the system.
A pentester often needs to use tools such as Splunk, QRadar or Qualys to carry out in-depth audits and must be continually alert to new methods of attack.
#3 Cybersecurity architect
The role of the cybersecurity architect is simple: to design a solid and effective structure to protect the information systems against cyberattacks. Cybersecurity architects make sure the company’s technology choices are workable and durable, taking account of new threats that continue to appear.
They are often involved in selecting and configuring security resources such as firewalls, intrusion detection systems, access and identity management systems and so on. They work closely with the technical teams to set up the recommended security measures.
A good cybersecurity architect is necessarily an experienced professional, which makes them both rare and desirable across the market and hence difficult for companies to source.
#4 Identity and Access Management (IAM) expert
IAM experts are responsible for managing access and identifiers. As part of this role, they define user authentication and identification processes and policies, alongside access control mechanisms to guarantee that only authorised people can access sensitive systems and data.
To do this, they implement technological solutions such as identification directories, identity management systems, strong authentication mechanisms, tools to manage rights and privileges, etc. They also set up procedures to regularly review access and revoke access rights where necessary.
They often have to master specific identity management solutions such as Usercube or Okta, giving them niche expert status.
#5 Network and security engineer
This is one of the more typical cybersecurity roles, frequently sought by employers. Network and security engineers are responsible for implementing the information system security policy by rolling out, configuring and managing large quantities of network and security software packages and equipment.
This covers, for example, the set-up of firewalls, intrusion detection systems, access and identity management, network traffic monitoring and the application of security patches.
#6 Data encryption expert
Specialists in cryptology, data encryption experts protect sensitive information by converting it into a format unreadable to unauthorised persons.
They have to know how to design, implement and assess the data security needs of the organisation and identify areas requiring encryption. They then need to deploy robust encryption algorithms and protocols. Finally, they have to develop key management strategies, including the generation, distribution, secure storage and regular rotation of the keys.
This is a demanding job that requires in-depth technical skills and proficiency in highly specific programming languages. Such profiles are rare on the market!