ESCO occupation

cybersecurity risk manager


Cybersecurity risk managers identify, analyse, assess, estimate and mitigate cybersecurity-related risks of ICT infrastructures such as systems or services. They manage these aspects by planning risk analysis, applying, reporting, assessing, communicating, and treating them. They establish a risk management strategy for the organisation and ensure that risks remain at an acceptable level for the organisation by selecting mitigation actions and controls.

ESCO code: 2529.8 (ISCO group 2529) — ESCO source
Competences: 72 in 5 groups (22 essential, 50 optional)

Competences and skills

72 ESCO relations
Essential competences 1 competence

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

0 competences

No competences in this bucket.

Cross-sector

0 competences

No competences in this bucket.

Essential knowledge 13 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

9 competences
attack vectors

Paths or methods that threat actors use to exploit vulnerabilities in the information networks or systems of a specific organisation and impact their availability, integrity and confidentiality. Attack vectors may include social engineering tactics such as phishing mails or pretexting, as well as technical exploits such as SQL injection and buffer overflow attacks.

digital
ESCO source
cyber attack counter-measures

Methods, technologies and techniques used to defend against (detect, monitor and recover from) cyber attacks. These cyber attacks include several attack vectors such as malware, denial of service (DoS) attacks and phishing. Intrusion prevention systems (IPS), firewalls, antivirus, intrusion detection systems (IDS), cybersecurity training, backups, an Information Security Management System (ISMS), multi-factor authentication and employee awareness are some examples of the methods used.

digital
ESCO source
cyber security

The methods and best practices that protect ICT systems, networks, computers, devices, services, processes and people against unauthorised access, modification and/or denial of service of assets.

digital
ESCO source
ethical hacking principles

The set of actions that are carried out to detect vulnerabilities within a computerised system in order to improve security within an organisation. They aim to identify and address data breaches and threats in a network.

digital
ESCO source
ICT network security risks

The security risk factors in ICT networks, such as hardware and software components, devices, interfaces and policies; the risk assessment techniques that can be applied to assess the severity and the consequences of security threats; and the contingency plans for each security risk factor.

digital
ESCO source
ICT performance analysis methods

The methods used to analyse software, ICT system and network performance which provide guidance to root causes of issues within information systems. The methods can analyse resource bottlenecks, application times, wait latencies and benchmarking results.

digital
ESCO source
ICT security standards

Best practices and guidelines established for securing information and communication technology (ICT) systems and data. Standards such as the ISO 27000 series provide a framework for implementing effective security controls, including access control, risk assessment and incident management, and support an organisation's compliance.

digital
ESCO source
information security strategy

The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

digital
ESCO source
internal risk management policy

The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.

digital
ESCO source

Cross-sector

4 competences
assessment of risks and threats

The security documentation and any security-related communications and information.

digital
ESCO source
risk management

The process of identifying, assessing, and prioritising of all types of risks and where they could come from, such as natural causes, legal changes, or uncertainty in any given context, and the methods for dealing with risks effectively.

ESCO source
security engineering

Interdisciplinary field of study that focuses on the realisation of secure systems and the technology to protect individuals or information from malice, errors, or unauthorized access. It involves defining security protection requirements, processes, and methods to ensure the resilience of systems and data.

ESCO source
security threats

Types of cyber or physical security threats to public and private security such as unauthorised entry, aggressive behaviour, molestation, robbery, theft, hacking, malware, phishing, identity theft, assault, kidnapping, murder and public demonstration.

ESCO source
Essential skills and competences 8 competences

Occupation specific

1 competence
establish an ICT security prevention plan

Define a comprehensive and proactive strategy for managing information and communication technology (ICT) security risks by establishing a set of measures and responsibilities to ensure the confidentiality, integrity and availability of information. Implement policies to prevent data breaches, detect and respond to unauthorised access to systems and resources, including up-to-date security applications and employee education.

digital
ESCO source

Sector-specific

5 competences
advice on security risk management

Provide advice on security risk management policies and prevention strategies and their implementation, being aware of the different kinds of security risks a specific organisation faces.

ESCO source
ensure adherence to organisational ICT standards

Guarantee that the state of events is in accordance with the ICT rules and procedures described by an organisation for their products, services and solutions.

digital
ESCO source
establish an Information Security Management System

Design, apply, monitor and review an Information Security Management System (ISMS) that preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives confidence to interested parties regarding the adequate management of such cybersecurity-related risks.

digital
ESCO source
implement ICT risk management

Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.

digital
ESCO source
manage system security

Analyse the critical assets of a company and identify weaknesses and vulnerabilities that lead to intrusion or attack. Apply security detection techniques. Understand cyber attack techniques and implement effective countermeasures.

digital
ESCO source

Cross-sector

2 competences
communicate with stakeholders

Facilitate communication between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its objectives.

ESCO source
engage with stakeholders

Use a variety of processes that result in mutually negotiated agreements, shared understandings and consensus building. Build partnerships within the work context.

ESCO source
Optional knowledge 29 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

26 competences
cloud monitoring and reporting

The metrics and alarms utilizing cloud monitoring services, in particular performance and availability metrics.

digital
ESCO source
cloud security and compliance

Cloud security and compliance concepts, including shared responsibility model, cloud access management capabilities, and resources for security support.

digital
ESCO source
computer forensics

The process of examining and recovering digital data from sources for legal evidence and crime investigation.

digital
ESCO source
decision support systems

The ICT systems that can be used to support business or organisational decision making.

digital
ESCO source
domain name service

Naming database which maps internet domain names to Internet Protocol (IP) addresses. The Domain Name System allows internet users to use names such as website titles instead of remembering the numeric IP addresses used by computers to locate a specific website.

digital
ESCO source
hybrid model

The hybrid model consists of principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business systems within a variety of architectural styles, such as enterprise architecture.

digital
ESCO source
ICT encryption

The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL).

digital
ESCO source
ICT problem management techniques

The techniques related to identifying the solutions of the root cause of ICT incidents.

digital
ESCO source
ICT process quality models

The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in a lot of ICT areas.

digital
ESCO source
ICT project management

The methodologies for the planning, implementation, review and follow-up of ICT projects, such as the development, integration, modification and sales of ICT products and services, as well as projects relating to technological innovation in the field of ICT.

digital
ESCO source
ICT quality policy

The quality policy of the organisation and its objectives, the acceptable level of quality and the techniques to measure it, its legal aspects and the duties of specific departments to ensure quality.

digital
ESCO source
ICT recovery techniques

The techniques for recovering hardware or software components and data, after failure, corruption or damage.

digital
ESCO source
ICT security legislation

The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.

digital
ESCO source
ICT system user requirements

The process intended to match user and organisational needs with system components and services, taking into consideration the available technologies and the techniques required to elicit and specify requirements, interviewing users to establish the symptoms of a problem and analysing those symptoms.

digital
ESCO source
information confidentiality

The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with confidential information and the risks of non-compliance.

digital
ESCO source
internet governance

The principles, regulations, norms and programs that shape the evolution and use of the internet, such as internet domain name management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.

digital
ESCO source
Internet of Things

The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).

digital
ESCO source
investment analysis

The methods and tools for analysis of an investment compared to its potential return. Identification and calculation of profitability ratio and financial indicators in relation to associated risks to guide decision on investment.

ESCO source
levels of software testing

The levels of testing in the software development process, such as unit testing, integration testing, system testing and acceptance testing.

digital
ESCO source
mobile device management

The methods for managing the use of mobile devices within an organisation, while ensuring security.

digital
ESCO source
Open source model

The open source model consists of principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business systems within a variety of architectural styles, such as enterprise architecture.

digital
ESCO source
organisational resilience

The strategies, methods and techniques that increase the organisation's capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.

ESCO source
Outsourcing model

The outsourcing model consists of principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business systems within a variety of architectural styles, such as enterprise architecture.

digital
ESCO source
service-oriented modelling

The principles and fundamentals of service-oriented modelling for business and software systems that allow the design and specification of service-oriented business systems within a variety of architectural styles, such as enterprise architecture and application architecture.

digital
ESCO source
tools for ICT test automation

The specialised software used to execute or control tests and compare predicted testing outputs with actual testing results, such as Selenium, QTP and LoadRunner.

digital
ESCO source
web application security threats

The attacks, vectors, emergent threats on websites, web applications and web services, the rankings of their severity identified by dedicated communities such as OWASP.

digital
ESCO source

Cross-sector

3 competences
audit techniques

The techniques and methods that support a systematic and independent examination of data, policies, operations and performances using computer-assisted audit tools and techniques (CAATs) such as spreadsheets, databases, statistical analysis and business intelligence software.

digital
ESCO source
legal requirements of ICT products

The international regulations related to the development and use of ICT products.

ESCO source
systems development life-cycle

The sequence of steps, such as planning, creating, testing and deploying and the models for the development and life-cycle management of a system.

digital
ESCO source
Optional skills and competences 21 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

16 competences
define security policies

Design and execute a written set of rules and policies that have the aim of securing an organisation concerning constraints on behaviour between stakeholders, protective mechanical constraints and data-access constraints.

ESCO source
define technology strategy

Create an overall plan of objectives, practices, principles and tactics related to the use of technologies within an organisation and describe the means to reach the objectives, taking into account analyses and relevant regulations.

ESCO source
design for organisational complexity

Determine cross-account authentication and access strategy for complex organizations (for example, an organization with varying compliance requirements, multiple business units, and varying scalability requirements). Design networks and multi-account cloud environments for complex organizations.

digital
ESCO source
develop information security strategy

Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

ESCO source
develop with cloud services

Write code that interacts with cloud services by using APIs, SDKs, and cloud CLI. Write code for serverless applications, translate functional requirements into application design, implement application design into application code.

digital
ESCO source
execute ICT audits

Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.

digital
ESCO source
identify ICT security risks

Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

digital
ESCO source
implement a firewall

Download, install and update a network security system designed to prevent unauthorized access to a private network.

digital
ESCO source
implement a virtual private network

Create an encrypted connection between private networks, such as different local networks of a company, over the internet to ensure that only authorized users can access it and that the data cannot be intercepted.

digital
ESCO source
implement anti-virus software

Download, install and update software to prevent, detect and remove malicious software, such as computer viruses.

digital
ESCO source
implement cloud security and compliance

Implement and manage security policies and access controls on cloud. Differentiate between the roles and responsibilities within the shared responsibility model.

digital
ESCO source
implement ICT security policies

Implement statements, assertions or rules that specify the appropriate use and protection of an organisation's ICT assets and systems. These ICT security policies cover topics such as data classification, password management, access control and incident response.

digital
ESCO source
implement spam protection

Install and configure software that supports email-users to filter messages that contain malware or that are unsolicited.

digital
ESCO source
lead disaster recovery exercises

Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.

digital
ESCO source
manage keys for data protection

Select appropriate authentication and authorization mechanisms. Design, implement and troubleshoot key management and use. Design and implement a data encryption solution for data at rest and data in transit.

digital
ESCO source
use an application-specific interface

Understand and use interfaces particular to an application or use case.

digital
ESCO source

Cross-sector

5 competences
manage disaster recovery plans

Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.

digital
ESCO source
remove computer virus or malware from a computer

Carry out actions to remove computer viruses or other types of malware from a computer.

digital
ESCO source
solve ICT system problems

Identify potential component malfunctions. Monitor, document and communicate about incidents. Deploy appropriate resources with minimal outage and deploy appropriate diagnostic tools.

digital
ESCO source
use back-up and recovery tools

Use tools which allow users to copy and archive computer software, configurations and data and recover them in case of loss.

digital
ESCO source
use ICT ticketing system

Utilise a specialised system to track registration, processing and resolution of issues in an organisation by assigning each of these issues a ticket, registering inputs from involved persons, tracking changes and displaying the status of the ticket, until it is completed.

digital
ESCO source