Apply knowledge presented in the text that security managers are accountable for the day-to-day operation of the information security program. They accomplish the objectives that are identified by the CISO and resolve issues that are identified by technicians.
Recall that candidates for this position often have a CISSP. Traditionally, managers earn the CISSP, and technical professionals earn the Global Information Assurance Certification (GIAC).
Identify the facts that security managers must have the ability to draft middle- and lower-level policies as well as standards and guidelines. They must have experience in traditional business matters, including budgeting, project management, and hiring and firing. They must also be able to manage technicians, both in the assignment of tasks and in the monitoring of activities.
Gain awareness that general job descriptions for this type of position often create confusion with respect to the title of the position and reporting relationship.