ESCO occupation

chief ICT security officer

Chief ICT security officers protect company and employee information against unauthorized access. They also define the Information System security policy, manage security deployment across all Information Systems and ensure the provision of information availability.

2529.1 ISCO 2529 ESCO source
Competences: 81
Groups: 5
Essential: 47
Optional: 34

Competences and skills

81 ESCO relations
Essential competences 1 competence

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

0 competences

No competences in this bucket.

Cross-sector

0 competences

No competences in this bucket.

Essential knowledge 21 competences

Occupation specific

0 competences

No competences in this bucket.

Sector-specific

16 competences
attack vectors

Paths or methods that threat actors use to exploit vulnerabilities in the information networks or systems of a specific organisation and impact its availability, integrity and confidentiality. Attack vectors may include social engineering tactics such as phishing emails or pretexting, and technical exploits such as SQL injection and buffer overflow attacks.

digital
ESCO source
cyber attack counter-measures

Methods, technologies and techniques used to defend (detect, monitor and recover) against cyber attacks. These cyber attacks include several attack vectors such as malware, denial of service (DoS) attacks and phishing. Intrusion prevention systems (IPS), firewalls, antivirus, intrusion detection systems (IDS), cybersecurity training, backup, Information Security Management Systems (ISMS), multi-factor authentication and employee awareness are some examples of the methods used.

digital
ESCO source
cyber security

The methods and best practices that protect ICT systems, networks, computers, devices, services, processes and people against unauthorised access, modification and/or denial of service of assets.

digital
ESCO source
data protection

The principles, ethical issues, regulations and protocols of data protection.

digital
ESCO source
decision support systems

The ICT systems that can be used to support business or organisational decision making.

digital
ESCO source
ethical hacking principles

The set of actions that are carried out to detect vulnerabilities within a computerised system in order to improve security within an organisation. They aim to identify and address data breaches and threats in a network.

digital
ESCO source
ICT network security risks

The security risk factors, such as hardware and software components, devices, interfaces and policies in ICT networks, risk assessment techniques that can be applied to assess the severity and the consequences of security threats and contingency plans for each security risk factor.

digital
ESCO source
ICT process quality models

The quality models for ICT services which address the maturity of the processes, the adoption of recommended practices and their definition and institutionalisation that allow the organisation to reliably and sustainably produce required outcomes. It includes models in a lot of ICT areas.

digital
ESCO source
ICT project management

The methodologies for the planning, implementation, review and follow-up of ICT projects, such as the development, integration, modification and sales of ICT products and services, as well as projects relating to technological innovation in the field of ICT.

digital
ESCO source
ICT project management methodologies

The methodologies or models for planning, managing and overseeing ICT resources in order to meet specific goals. Such methodologies include Waterfall, Incremental, V-Model, Scrum or Agile, and the use of project management ICT tools.

digital
ESCO source
ICT security legislation

The set of legislative rules that safeguards information technology, ICT networks and computer systems and legal consequences which result from their misuse. Regulated measures include firewalls, intrusion detection, anti-virus software and encryption.

digital
ESCO source
ICT security standards

Best practices and guidelines established for securing information and communication technology (ICT) systems and data. Standards such as the ISO 27000 series provide a framework for implementing effective security controls, including access control, risk assessment and incident management, as well as for ensuring the compliance of an organisation.

digital
ESCO source
information confidentiality

The mechanisms and regulations which allow for selective access control and guarantee that only authorised parties (people, processes, systems and devices) have access to data, the way to comply with confidential information and the risks of non-compliance.

digital
ESCO source
information security strategy

The plan defined by a company which sets the information security objectives and measures to mitigate risks, define control objectives, establish metrics and benchmarks while complying with legal, internal and contractual requirements.

digital
ESCO source
internal risk management policy

The internal risk management policies that identify, assess and prioritise risks in an IT environment. The methods used to minimise, monitor and control the possibility and the impact of disastrous events that affect the reaching of business goals.

digital
ESCO source
organisational resilience

The strategies, methods and techniques that increase the organisation's capacity to protect and sustain the services and operations that fulfil the organisational mission and create lasting values by effectively addressing the combined issues of security, preparedness, risk and disaster recovery.

ESCO source

Cross-sector

5 competences
assessment of risks and threats

The security documentation and any security-related communications and information.

digital
ESCO source
audit techniques

The techniques and methods that support a systematic and independent examination of data, policies, operations and performances using computer-assisted audit tools and techniques (CAATs) such as spreadsheets, databases, statistical analysis and business intelligence software.

digital
ESCO source
ethics

The philosophical study that deals with solving questions of human morality; it defines and systemises concepts such as right, wrong, and crime.

ESCO source
risk management

The process of identifying, assessing and prioritising all types of risks and where they could come from, such as natural causes, legal changes, or uncertainty in any given context, and the methods for dealing with risks effectively.

ESCO source
security engineering

Interdisciplinary field of study that focuses on the realisation of secure systems and the technology to protect individuals or information from malice, errors, or unauthorized access. It involves defining security protection requirements, processes, and methods to ensure the resilience of systems and data.

ESCO source
Essential skills and competences 25 competences

Occupation specific

1 competence
establish an ICT security prevention plan

Define a comprehensive and proactive strategy for managing information and communication technology (ICT) security risks by establishing a set of measures and responsibilities to ensure the confidentiality, integrity and availability of information. Implement policies to prevent data breaches, detect and respond to unauthorised access to systems and resources, including up-to-date security applications and employee education.

digital
ESCO source

Sector-specific

14 competences
advice on security risk management

Provide advice on security risk management policies and prevention strategies and their implementation, being aware of the different kinds of security risks a specific organisation faces.

ESCO source
develop information security strategy

Create company strategy related to the safety and security of information in order to maximise information integrity, availability and data privacy.

ESCO source
ensure adherence to organisational ICT standards

Guarantee that the state of events is in accordance with the ICT rules and procedures described by an organisation for their products, services and solutions.

digital
ESCO source
ensure information privacy

Design and implement business processes and technical solutions to guarantee data and information confidentiality in compliance with legal requirements, also considering public expectations and political issues of privacy.

ESCO source
establish an Information Security Management System

Design, apply, monitor and review an Information Security Management System (ISMS) that preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives confidence to interested parties regarding the adequate management of such cybersecurity-related risks.

digital
ESCO source
identify ICT security risks

Apply methods and techniques to identify potential security threats, security breaches and risk factors using ICT tools for surveying ICT systems, analysing risks, vulnerabilities and threats and evaluating contingency plans.

digital
ESCO source
implement corporate governance

Apply a set of principles and mechanisms by which an organisation is managed and directed, set procedures of information, control flow and decision making, distribute rights and responsibilities among departments and individuals, set corporate objectives and monitor and evaluate actions and results.

ESCO source
implement ICT risk management

Develop and implement procedures for identifying, assessing, treating and mitigating ICT risks, such as hacks or data leaks, according to the company's risk strategy, procedures and policies. Analyse and manage security risks and incidents. Recommend measures to improve digital security strategy.

digital
ESCO source
implement ICT security policies

Implement statements, assertions or rules that specify the appropriate use and protection of the ICT assets and systems from an organisation. These ICT security policies cover topics such as data classification, password management, access control and incident response.

digital
ESCO source
lead disaster recovery exercises

Head exercises which educate people on what to do in case of an unforeseen disastrous event in the functioning or security of ICT systems, such as on recovery of data, protection of identity and information and which steps to take in order to prevent further problems.

digital
ESCO source
maintain plan for continuity of operations

Update the methodology which contains steps to ensure that the facilities of an organisation are able to continue operating in case of a broad range of unforeseen events.

ESCO source
manage IT security compliances

Guide application and fulfilment of relevant industry standards, best practices and legal requirements for information security.

digital
ESCO source
manage system security

Analyse the critical assets of a company and identify weaknesses and vulnerabilities that lead to intrusion or attack. Apply security detection techniques. Understand cyber attack techniques and implement effective countermeasures.

digital
ESCO source
utilise decision support system

Use the available ICT systems that can be used to support business or organisational decision making.

digital
ESCO source

Cross-sector

10 competences
communicate with stakeholders

Facilitate communication between organisations and interested third parties such as suppliers, distributors, shareholders and other stakeholders in order to inform them of the organisation and its objectives.

ESCO source
comply with legal regulations

Ensure you are properly informed of the legal regulations that govern a specific activity and adhere to its rules, policies and laws.

ESCO source
educate on data confidentiality

Share information with and instruct users in the risks involved with data, especially risks to the confidentiality, integrity, or availability of data. Educate them on how to ensure data protection.

ESCO source
engage with stakeholders

Use a variety of processes that result in mutually negotiated agreements, shared understandings and consensus building. Build partnerships within the work context.

ESCO source
ensure compliance with legal requirements

Guarantee compliance with established and applicable standards and legal requirements such as specifications, policies, standards or law for the goal that organisations aspire to achieve in their efforts.

ESCO source
ensure cross-department cooperation

Guarantee communication and cooperation with all the entities and teams in a given organisation, according to the company strategy.

ESCO source
forecast organisational risks

Analyse the operations and actions of a company in order to assess their repercussions, possible risks for the company, and to develop suitable strategies to address these.

ESCO source
manage disaster recovery plans

Prepare, test and execute, when necessary, a plan of action to retrieve or compensate lost information system data.

digital
ESCO source
monitor developments in field of expertise

Keep up with new research, regulations, and other significant changes, labour market related or otherwise, occurring within the field of specialisation.

ESCO source
monitor technology trends

Survey and investigate recent trends and developments in technology. Observe and anticipate their evolution, according to current or future market and business conditions.

ESCO source
Optional knowledge 16 competences

Occupation specific

1 competence
control objectives for information and related technology

The risk and controls framework such as Control Objectives for Information and Related Technology (COBIT), which supports decision makers to resolve the gap between business risks, requirements and technical issues.

digital
ESCO source

Sector-specific

13 competences
cloud monitoring and reporting

The metrics and alarms utilizing cloud monitoring services, in particular performance and availability metrics.

digital
ESCO source
cloud security and compliance

Cloud security and compliance concepts, including shared responsibility model, cloud access management capabilities, and resources for security support.

digital
ESCO source
cloud technologies

The technologies which enable access to hardware, software, data and services through remote servers and software networks irrespective of their location and architecture.

digital
ESCO source
computer forensics

The process of examining and recovering digital data from sources for legal evidence and crime investigation.

digital
ESCO source
ICT communications protocols

The system of rules which allow the exchange of information between computers or other devices via computer networks.

digital
ESCO source
ICT encryption

The conversion of electronic data into a format which is readable only by authorized parties which use key encryption techniques, such as Public Key Infrastructure (PKI) and Secure Socket Layer (SSL).

digital
ESCO source
ICT infrastructure

The system, network, hardware and software applications and components, as well as devices and processes that are used in order to develop, test, deliver, monitor, control or support ICT services.

digital
ESCO source
ICT recovery techniques

The techniques for recovering hardware or software components and data, after failure, corruption or damage.

digital
ESCO source
ICT system user requirements

The process intended to match user and organisation needs with system components and services, by taking into consideration the available technologies and the techniques required to elicit and specify requirements, interrogating users to establish symptoms of a problem and analysing symptoms.

digital
ESCO source
internet governance

The principles, regulations, norms and programs that shape the evolution and use of the internet, such as internet domain names management, registries and registrars, according to ICANN/IANA regulations and recommendations, IP addresses and names, name servers, DNS, TLDs and aspects of IDNs and DNSSEC.

digital
ESCO source
Internet of Things

The general principles, categories, requirements, limitations and vulnerabilities of smart connected devices (most of them with intended internet connectivity).

digital
ESCO source
software anomalies

The deviations from what is standard and exceptional events during software system performance, and the identification of incidents that can alter the flow and the process of system execution.

digital
ESCO source
web application security threats

The attacks, vectors and emergent threats on websites, web applications and web services, and the rankings of their severity identified by dedicated communities such as OWASP.

digital
ESCO source

Cross-sector

2 competences
computer programming

The techniques and principles of software development, such as analysis, algorithms, coding, testing and compiling of programming paradigms (e.g. object oriented programming, functional programming) and of programming languages.

digComp, digital
ESCO source
World Wide Web Consortium standards

The standards, technical specifications and guidelines developed by the international organisation World Wide Web Consortium (W3C) which allow the design and development of web applications.

digital
ESCO source
Optional skills and competences 18 competences

Occupation specific

1 competence
apply operations for an ITIL-based environment

Properly operate ITIL (Information Technology Infrastructure Library) based service desk procedures.

digital
ESCO source

Sector-specific

9 competences
assess ICT knowledge

Evaluate the implicit mastery of skilled experts in an ICT system to make it explicit for further analysis and usage.

digital
ESCO source
coordinate technological activities

Give instructions to colleagues and other cooperating parties in order to reach the desired outcome of a technological project or achieve set goals within an organisation dealing with technology.

ESCO source
execute ICT audits

Organise and execute audits in order to evaluate ICT systems, compliance of components of systems, information processing systems and information security. Identify and collect potential critical issues and recommend solutions based on required standards and solutions.

digital
ESCO source
implement a firewall

Download, install and update a network security system designed to prevent unauthorized access to a private network.

digital
ESCO source
implement a virtual private network

Create an encrypted connection between private networks, such as different local networks of a company, over the internet to ensure that only authorized users can access it and that the data cannot be intercepted.

digital
ESCO source
implement anti-virus software

Download, install and update software to prevent, detect and remove malicious software, such as computer viruses.

digital
ESCO source
implement cloud security and compliance

Implement and manage security policies and access controls on cloud. Differentiate between the roles and responsibilities within the shared responsibility model.

digital
ESCO source
manage keys for data protection

Select appropriate authentication and authorization mechanisms. Design, implement and troubleshoot key management and use. Design and implement a data encryption solution for data at rest and data in transit.

digital
ESCO source
optimise choice of ICT solution

Select the appropriate solutions in the field of ICT while taking into account potential risks, benefits and overall impact.

digital
ESCO source

Cross-sector

8 competences
conduct impact evaluation of ICT processes on business

Evaluate the tangible consequences of the implementation of new ICT systems and functions on the current business structure and organisational procedures.

digital
ESCO source
create solutions to problems

Solve problems which arise in planning, prioritising, organising, directing/facilitating action and evaluating performance. Use systematic processes of collecting, analysing, and synthesising information to evaluate current practice and generate new understandings about practice.

ESCO source
identify legal requirements

Conduct research for applicable legal and normative procedures and standards, analyse and derive legal requirements that apply to the organisation, its policies and products.

ESCO source
manage digital identity

Create and manage one or multiple digital identities, be able to protect one's own reputation, deal with the data that one produces through several digital tools, environments and services.

digComp, digital, transversal
ESCO source
manage staff

Manage employees and subordinates, working in a team or individually, to maximise their performance and contribution. Schedule their work and activities, give instructions, motivate and direct the workers to meet the company objectives. Monitor and measure how an employee undertakes their responsibilities and how well these activities are executed. Identify areas for improvement and make suggestions to achieve this. Lead a group of people to help them achieve goals and maintain an effective working relationship among staff.

ESCO source
protect personal data and privacy

Protect personal data and privacy in digital environments. Understand how to use and share personally identifiable information while being able to protect oneself and others from damages. Understand that digital services use a “Privacy policy” to inform how personal data is used.

digComp, digital
ESCO source
train employees

Lead and guide employees through a process in which they are taught the necessary skills for the prospective job. Organise activities aimed at introducing the work and systems or improving the performance of individuals and groups in organisational settings.

ESCO source
use different communication channels

Make use of various types of communication channels such as verbal, handwritten, digital and telephonic communication with the purpose of constructing and sharing ideas or information.

ESCO source