Cybermanagers and talents wanted
IT professionals being sought for specialist security functions must offer a broader spectrum of competency – in terms of their qualifications and profiles – than pure IT experts. According to MaRisk, bank-internal ISMS frameworks should be developed, regularly maintained and the relevant IS controls (ICS) established and monitored. Executives must also define information security standards and use targeted campaigns and training to introduce them at the company. In addition, special audits and security monitoring require planning and implementation.
Effective prevention work carried out by these specialists includes the planning of potential attack scenarios, such as when research databases might be tapped or processes need to be blocked. For this kind of planning, IT specialists require not merely extensive expertise in programming languages but also an in-depth knowledge of security and networks, cryptography and, of course, familiarity with all common software manufacturers and their products. Certifications like CISM, CISA or CISSP, as well as knowledge of the current safety standards (ISO 2700x, BSI base protection, etc.) are also beneficial. In addition, an IT specialist must also understand the mindset of the hacker in order to (ideally) proactively identify targets and take appropriate countermeasures.
Alongside the theoretical construction of ‘worst case scenarios’, potential loopholes in the entire system need to be traced. These scenarios should also be revisited, not purely from the programming side, but also in terms of attacks on the firewall or other incursions. Considerable risk potential for cyberattacks is now also attributable to ‘social matching’.
Currently, it is difficult to recruit suitable and loyal employees for IT security. Currently, only a few experts are available and it is a workers’ market. The available experts prefer to seek out companies that are technological pioneers and offer the latest standards.
Summary
IT security in the finance sector needs to catch up, especially when it comes to recruitment. Since the subject of IT security concerns all industries and professionals and executives in IT security are rather rare, it is now a workers’ market. Therefore, it makes sense to make compromises with suitable candidates, even if they do not have all the required specialist skills. In addition, it is worth investing in highly qualified staff and continuing education programmes or specialised external recruiters.
Author:
Henning Sander, Head of the Banking Business Unit, Hager Unternehmensberatung
Hager Unternehmensberatung is a partner of Horton International and offers customers at over 40 locations in the globally most important economic regions solutions for issues throughout the working life cycle: Employment Lifecycle Solutions®.
These targeted solutions for the working life cycle are mirrored in our individual divisions: in the placement of the right candidates, the evaluation of staff potential, during training to develop the personal skills of employees and supporting individual change processes.
With over 90 employees in Germany working in small specialist teams, a fully digital workflow and over 20 years of experience in the technology sector as well as other innovative markets, Hager Unternehmensberatung brings together the performance and process quality of the industry’s big names with the speed and flexibility of a start-up.
Hager Unternehmensberatung is one of the top 15 recruiters in the DACH region and the well-known executive search consultancy for digital transformations.
HAGER Executive Consulting GmbH
Zur Charlottenburg 3
60437 Frankfurt
Telefon: +49 (69) 95092-0
Telefax: +49 (69) 95092-111
http://www.hager-consulting.com
Marketing & Kommunikation
Telefon: +49 (69) 95092333
E-Mail: Angela.Keuneke@hager-ub.de