Security Roles

Chief Information Security Officer

Senior level executive generally responsible for an organization’s security staff, security operations, defining its overall strategic direction, and communicating with top level executive staff on how the organization approaches security in its products and services.

Code Review Specialist

Generally responsible for reviewing software source code to identify potential vulnerabilities and potential for unauthorized access.


Generally responsible for analyzing encrypted information to break code or to determine the purpose of malicious software.


An encryption specialist who applies different encryption mechanisms to secure information or to build security software for an organization. May also research new encryption techniques.

Forensics Specialist

Performs various types of investigation after an organization suspects that it has experienced a security breach, gathering images of potentially impacted systems and gathering evidence.

Penetration Tester, White Hat Hacker, and/or Ethical Hacker

Penetration Testers perform different forms of penetration testing for organizations in an attempt to expose various types of technical and non-technical vulnerabilities.

Incident Response Specialist

Prepares for security events, establishes documented processes for handling security incidents, performs incident drills (incident planning), contains and manages incidents (during incidents), and implements changes and drives remediation activities (post incident).

Security Analyst

Implement and analyze various system, application, and network controls intended to keep an organization’s key data protected from cyber events. Typically must stay current on the latest cyber defense trends and analyze actual events to plan for incident response, as well as execute when an organization is breached.

Security Architect

Responsible for the development and maintenance of network security for his or her organization, including security policies and procedures for employees and others with access to computer, network and data systems.

Security Auditor

Perform cyber security audits for organizations using different types of compliance frameworks. Types of audits will vary depending upon the customer’s industry, business operations, and compliance requirements.

Security Consultant

Provide advisory services to internal business groups or external organizations for general security strategies, making best use of security budget based on business goals and risk tolerance. Identify top security objectives, striving for a blend of efficiency and efficacy.

Security Developer

Develops security software for monitoring/alerting, traffic analysis, intrusion detection, virus detection, anti-virus, etc. May also perform software development and implement security controls for an organization’s line of business applications and legacy systems.

Security Engineer

Design security systems; maintain security systems; check for potential vulnerabilities in security systems; log suspicious activity; develop automation scripts to track security incidents.

Security Specialist

This role applies if you have a very specialized, almost “niche” expertise for a security function that applies to a technology, network function, domain, or working functional area that is not covered by the standard roles on our list.

Security Systems Admin

Install, administer, maintain and troubleshoot computer, network and data security systems. Typically the primary contact for the operation of said systems (monitoring system, setting up users, back-ups, etc.). May assist with development of processes for personnel.

Privacy Roles


Chief Privacy Officer

Senior leader responsible for an organization’s strategy related to protection of personal data of customers, partners, and employees. Manage privacy and data protection staff.

VP, Privacy and Data Protection

Similar to a Chief Privacy Officer, a senior level executive with responsibility that includes ensuring a company’s overall compliance.  For highly regulated industries such as financial services, a VP of compliance may wear both a privacy and security hat, ensuring compliance for both areas.

Privacy Analyst

Perform privacy reviews against compliance standards for technical and non-technical functions of an organization.  Implement & monitor privacy compliance.  Establish metrics to show progress against privacy related objectives. May be responsible for one core function or multiple functions across an organization.

Privacy Attorney, Legal Counsel

A privacy attorney focuses on relevant legal issues that organizations face in their data protection efforts. A privacy attorney will typically be consulted when legal questions arise pertaining to an organization’s service offerings for collecting personal data and how they should collect it in a manner that complies with local and international privacy laws.

Privacy Consultant

Typically a customer-facing role who presents different strategies for implementing a privacy program, best practices, and utilizing resources efficiently and cost effectively.  Presents to various audience types.

Privacy Director

A senior level leader for privacy functions in an organization typically responsible for multiple services, products, or divisions as well as the privacy staff supporting them.  May report to the Chief Privacy Officer or other senior executive responsible for the organization’s privacy efforts.

Privacy Specialist

May have a very niche skill-set for an in-demand function in privacy. For instance, the EU data privacy regulation, GDPR, is driving high demand for all organizations that touch EU personal data. A specialist in GDPR with a particular focus on international bulk data transfers may be required for an organization that participates in online advertising.